Re: [xml-dev] Illustrating the Risk of Unconstrained Strings
- From: David Carlisle <d.p.carlisle@gmail.com>
- To: "Costello, Roger L." <costello@mitre.org>
- Date: Sat, 7 Nov 2015 13:19:59 +0000
On 7 November 2015 at 12:46, Costello, Roger L. <costello@mitre.org> wrote:
> Hi Folks,
>
> A colleague and I created a graphic which illustrates the risk of unconstrained strings:
>
> http://www.xfront.com/Illustrating-the-Risk-of-Unconstrained-Strings.pdf
>
> /Roger
Sadly like many graphics purporting to illustrate some mathematical data, it doesn't illustrate anything.
There is no definition of the values used, and no units on the diagram, so it is just a quarter circle randomly coloured with no information content.

The first sentence isn't clearly true (the terms are undefined so it is hard to be sure).
But the way to prevent a string containing malicious content is to control write access to it.

If I have a string of length 1 constrained to be "0" or "1" that is somewhere in the green section of your picture, I assume. But if it is 1=nuclear destruction 0=do nothing, then it has a 50% chance of having malicious content if there are no controls over what is writing to it.
If 50% is green, what percentages does red represent?
David