|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Excellent IETF BCP on XML
Bullard, Claude L (Len) wrote: > Tim Bray assured us on the www-tag list that > the namespace UR:/URI in no way is a security issue > and cited his experience with security agencies > of the US Government. I gotta believe they > thought about this. In effect, the protocol > designer has to specify what is to be done > via automagic dereferencing as URIs are always > dereferenceable. I don't believe this for a second and hope I didn't say that. Should something like RDDL take off it would provide a convient place for black-hats to point to subversive code that does nasty stuff. Note that dereferencing a URI via GET is in principle and as far as I can tell in practice safe, assuming you protect against infinitely-large resource representations. Acting on the data you get carries risk that is in principle and in practice unbounded and requires all sorts of trust infrastructure -Tim
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||

Cart








