[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: XInclude: security risk 1

• To: xml-dev@l...
• Subject: Re: XInclude: security risk 1
• From: Miles Sabin <miles@m...>
• Date: Sat, 26 Oct 2002 19:16:57 +0100
• In-reply-to: <4.2.0.58.20021026135751.00a5a2e0@p...>
• References: <4.2.0.58.20021026135751.00a5a2e0@p...>

Simon St.Laurent wrote,
> It reminds me a bit of the issues that David Megginson raised back at
> XTech 2000:
> http://www.xml.com/pub/a/2000/02/xtech/megginson.html
>
> I can't find David's original slides,

You mean these?

  http://www.megginson.com/ugly/slides/slide0001.html

There's also this thread of DMs on traffic analysis, 

  http://lists.xml.org/archives/xml-dev/200101/msg00057.html

which is related. And a little while ago I suggested this,

  http://lists.xml.org/archives/xml-dev/200206/msg00247.html

which does similar firewall penetration tricks as ERHs example, only 
without XInclude, just a parser which retrieves external entities.

Cheers,


Miles

• References:
  • Re: XInclude: security risk 1
    • From: "Simon St.Laurent" <simonstl@s...>

• Prev by Date: Re: XInclude: security risk 1
• Next by Date: What are Schemas For?
• Previous by thread: Re: XInclude: security risk 1
• Next by thread: Re: XInclude: security risk 1
• Index(es):
  • Date
  • Thread