XML Editor - Download a Free Trial >
See What's New >
Buy Now >

[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Schema problems

  • From: David Megginson <david@m...>
  • To: "XMLDev list" <xml-dev@i...>
  • Date: Wed, 1 Sep 1999 12:42:27 -0400 (EDT)
schema problems
Play the video
Oren Ben-Kiki writes:

 > > By allowing documents without explicit DOCTYPE declarations, XML (and,
 > > eventually, WebSGML) acknowledged that document instances can exist
 > > independently of schemas, and thus, that there can potentially be
 > > *many* schemas applied to any existing document.
 > 
 > Doesn't this contradict (a)? That is, must all these schemas agree
 > on the default values? Or is it intentional that you can replace
 > the default values as well?

That's a very messy question.  Personally, I'd be happy to accept a
schema spec that *didn't* specify default values.  I don't think that
most client-side XML is going to use schemas, whatever standard
emerges, because schemas introduce non-constant-time problems and
(with default values) security issues into the equation.

Non-constant-time
-----------------

A schema is a separate resource that may reference other schemas
recursively, so I cannot safely predict how much parser (and, more
seriously, how much network activity) will be required to process a
document.

Security
--------

If schemas contain default values, those default values might
compromise the security of my document (say, by providing a default
value of 'public' for an 'access' variable that was unspecified in the 
original document).  Again, since schemas can reference other schemas, 
they're only as secure as the entire tree -- for example, if the
schema refers to another at the w3.org Web site, and someone cracks
w3.org, they've effectively cracked my schema (and my document) as
well.


All the best,


David

-- 
David Megginson                 david@m...
           http://www.megginson.com/

xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev@i...
Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/ and on CD-ROM/ISBN 981-02-3594-1
To (un)subscribe, mailto:majordomo@i... the following message;
(un)subscribe xml-dev
To subscribe to the digests, mailto:majordomo@i... the following message;
subscribe xml-dev-digest
List coordinator, Henry Rzepa (mailto:rzepa@i...)

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
Email
First Name
Last Name
Company
Subscribe in XML format
RSS 2.0
Atom 0.3
 

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.


Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

XML Editor - Download a 15 Day Free Trial Now >
See What's New in Stylus Studio >
Buy Stylus Studio - XML Editor - Now >
Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.