Re: Excellent IETF BCP on XML
Bullard, Claude L (Len) wrote,

> Yep. However, since packets are sniffable?

Umm ... you've not been paying attention, have you ;-)

Other than the stuff David mentioned, the external entity attacks I discussed here,

  http://lists.xml.org/archives/xml-dev/200206/msg00240.html
  http://lists.xml.org/archives/xml-dev/200206/msg00247.html

are directly applicable if RDDL documents are retrieved recklessly. Elliotte RH's XInclude attack is similar,

  http://lists.xml.org/archives/xml-dev/200210/msg01461.html

and he came up with another entity variant here,

  http://lists.xml.org/archives/xml-dev/200211/msg00027.html

And there was also the BugTraq advisory reporting poor choices of default retrieval behaviour for external entities here by several widely deployed parsers,

  http://online.securityfocus.com/archive/1/297714/2002-10-27/2002-11-02/0

I wouldn't be at all surprised if we see another one some time in the future reporting poor choices of retrieval behaviour for RDDL documents.

Cheers,

Miles
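An added example, not part of the message above or of any project it mentions: a pre-retrieval check that lists every external DTD, external entity and XInclude reference an untrusted document carries, so a consumer can refuse it instead of fetching. It uses Python's standard `xml.parsers.expat`; the function names, exception class and `example.invalid` URLs are hypothetical and constructed for illustration.

```python
import xml.parsers.expat as expat

XINCLUDE_NS = "http://www.w3.org/2001/XInclude"

# Constructed sample documents (not taken from the linked posts).
SAMPLE_ENTITY = (b'<!DOCTYPE doc [<!ENTITY ext SYSTEM '
                 b'"http://example.invalid/constructed.ent">]><doc>&ext;</doc>')
SAMPLE_XINCLUDE = (b'<doc xmlns:xi="http://www.w3.org/2001/XInclude">'
                   b'<xi:include href="http://example.invalid/constructed.xml"/></doc>')


class ExternalReferenceRefused(ValueError):
    """The untrusted document asks its consumer to retrieve something."""


def find_external_refs(xml_bytes):
    """Return [(kind, location)] for each external reference; nothing is fetched."""
    found = []
    # Namespace-aware parser: element names arrive as "<namespace-uri> <local-name>".
    parser = expat.ParserCreate(namespace_separator=" ")

    def doctype(name, system_id, public_id, has_internal_subset):
        if system_id is not None:                      # external DTD subset
            found.append(("external-dtd", system_id))

    def entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if value is None and system_id is not None:    # external, not an inline literal
            kind = "external-parameter-entity" if is_param else "external-entity"
            found.append((kind, system_id))

    def start_element(name, attrs):
        if name == XINCLUDE_NS + " include" and "href" in attrs:
            found.append(("xinclude", attrs["href"]))

    # No ExternalEntityRefHandler is installed, so expat skips the references
    # themselves; only the declarations and include elements are reported.
    parser.StartDoctypeDeclHandler = doctype
    parser.EntityDeclHandler = entity_decl
    parser.StartElementHandler = start_element
    parser.Parse(xml_bytes, True)
    return found


def require_self_contained(xml_bytes):
    """Refuse any document that carries an external reference."""
    refs = find_external_refs(xml_bytes)
    if refs:
        raise ExternalReferenceRefused(refs)
    return xml_bytes
```
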