XML Editor - Download a Free Trial >
See What's New >
Buy Now >

[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: Elliotte Rusty Harold on Web Services

recursive web service
Play the video
On Sun, Feb 02, 2003 at 08:10:59AM -0700, Uche Ogbuji wrote:
> > On the "XML community" critique, the way I see it is that the Web services 
> > people are pushing the XML envelope in ways it was not pushed before, and 
> > have found it wanting: Things like entity references play hell with 
> > efficient buffer management in high-performance parsers;
> 
> Silly rabbit, XML is for folks who want XML, not for folks who want "efficient 
> buffer management in high-performance parsers".  If everyone who found XML 

  Right, I think it's time to bite. If you want high speed parsing
don't use entities, okay. This mean don't use entities *in the instances*.
If you have troubles because of the time taken to compare the current char
and not take the associated branch to handle the "if" then I seriously
think you must change your parser implementation language, you have a serious
problem with your compiler or the way you implemented memory management !!!
  This is pure non-sense. Now, about being afraid of recursive entities
references in the internal subset leading to possible DoS, first
your service is still vulnerable to DoS with infinite input or high
rates of input request/data in completely similar ways, second if the
recursion frighten you simple put a guard for the depth of the recursion
like I did in libxml2, nobody ever complained about it and such recursion
is immediately detected and the parser halts with an error.
  I seriously think that at least those 2 arguments don't stand in the
face of real code engineering, especially if you follow basic good
coding practises. It doesn't mean that defining one subset of XML 
might not be a worthy exercise, but those justifications are IMHO
totally impropers to guide this work.
<blunt>
   Enough bullshit !
</blunt>

Daniel

-- 
Daniel Veillard      | Red Hat Network https://rhn.redhat.com/
veillard@r...  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
Email
First Name
Last Name
Company
Subscribe in XML format
RSS 2.0
Atom 0.3
 

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.


Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

XML Editor - Download a 15 Day Free Trial Now >
See What's New in Stylus Studio >
Buy Stylus Studio - XML Editor - Now >
Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.