Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] RE: The sky is falling! XML's dirty secret! Go back! It's a
 I understand the "knowing where to look" in terms of securing a system by knowing what it's vulnerabilities are. I can't find any article that states definitively if XML helps the cracker (is it a vulnerability by nature exploitable by a malicious agent, not by ignorance (a person transmitting unencrypted data, a person leaving XML files "in the open")). So far, I've seen no evidence that XML makes it easier to crack the encryption; just that once it is cracked, it is easier to understand, which is of course, why markup is used anyway. The article referenced in the referenced article has gone bye bye. Given the long history of Internet specs for producing insecure systems, one would think someone would have a definitive answer but given the rush to adopt Internet technology, maybe not. The sky is always falling on the web. ;-) len From: Rich Salz [mailto:rsalz@d...] > If the answer is, experts disagree, there is liability and a > real problem to be solved somewhere. That there are costs > is assumed. So far, the only XML-specific risks I've heard about are various attacks on Unicode[1]. I think most security people assume that the bad guys know what they're looking for (except perhaps Carnivore :), so it doesn't matter if the data is XML, ASCII, or private extension fields in EDI. > XML posits that we all drive the same car and > so will be equally liable. Not really; it's more like specifying standard positions for the steering wheel, gas pedal, etc. As I said: knowing where to look. /r$ [1] http://www.counterpane.com/crypto-gram-0007.html#9 
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
