[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: Excellent IETF BCP on XML

• To: XML Dev <xml-dev@l...>
• Subject: Re: Excellent IETF BCP on XML
• From: Miles Sabin <miles@m...>
• Date: Fri, 22 Nov 2002 20:35:26 +0000
• In-reply-to: <r01050400-1022-14270CF0FE5611D6B3280003937A08C2@[192.168.124.21]>
• References: <r01050400-1022-14270CF0FE5611D6B3280003937A08C2@[192.168.124.21]>

Simon St.Laurent wrote,
> rsalz@d... (Rich Salz) writes:
> > No, a namespace URI is an identifier, and therefore need not be
> > followed. The document (which is excellent) is talking about, you
> > know, external ENTITY things.
>
> So is RDDL now a security risk?

Potentially ... yes.

How many times have we discussed the external entity thing on this list 
now? Any of the issues with them apply equally here.

And in fact David Megginson warned about the dangers of automagically 
dereferencing namespace URIs long before RDDL came along,

  http://lists.xml.org/archives/xml-dev/200101/msg00057.html

Cheers,


Miles

• Follow-Ups:
  • RE: Excellent IETF BCP on XML
    • From: "Julian Reschke" <julian.reschke@g...>
  • Re: Excellent IETF BCP on XML
    • From: "Simon St.Laurent" <simonstl@s...>

• References:
  • Re: Excellent IETF BCP on XML
    • From: "Simon St.Laurent" <simonstl@s...>

• Prev by Date: Re: Excellent IETF BCP on XML
• Next by Date: Re: Excellent IETF BCP on XML
• Previous by thread: Re: Excellent IETF BCP on XML
• Next by thread: Re: Excellent IETF BCP on XML
• Index(es):
  • Date
  • Thread