Re: Malicious documents? (WAS: Interesting mailing list & a r
Simon St.Laurent wrote, > David Megginson had a nice piece to this effect a few years ago: > http://www.megginson.com/ugly/index.html > > "When XML Turns Ugly" > > This was pre-schema, and still largely client-oriented, but has a lot > of interesting pieces on the dangers of XML processing. Now you mention it, I do remember a discussion of the some of the privacy issues a few years ago (I vaguely remember David mentioning grepping HTTP/DNS server logs for retrievals of external entities). That might very well be when I started worrying about these things. To the best of my knowledge tho', there hasn't been much discussion of using external entities, or schemata, or RDDL, for active attacks as opposed to snooping. Cheers, Miles
PURCHASE STYLUS STUDIO ONLINE TODAY!
Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!
Download The World's Best XML IDE!
Accelerate XML development with our award-winning XML IDE - Download a free trial today!
Subscribe in XML format