XML Editor - Download a Free Trial >
See What's New >
Buy Now >

[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

RE: Word 2003 schemas available

  • To: "Murali Mani" <mani@C...>
  • Subject: RE: Word 2003 schemas available
  • From: "Michael Rys" <mrys@m...>
  • Date: Tue, 18 Nov 2003 11:34:20 -0800
  • Cc: <xml-dev@l...>
  • Thread-index: AcOuCSwJebulfPjLSn6RYEHaJeorVgAAD1PA
  • Thread-topic: Word 2003 schemas available
word 2003 markup
Play the video
You are welcome.

Also note that an application that gets the SQLXML template and has no
clue what the sql:query elements mean, will probably not do anything
with it. And the same is true for an application that does not
understand the XML stylesheet PI.

Conclusion: It is the program that interprets the data that may have
security issue, not the data per se. Although, obviously, for any given
system threat analysis, you will have to look at both and analyze their
interaction...

Best regards
Michael


> -----Original Message-----
> From: Murali Mani [mailto:mani@C...]
> Sent: Tuesday, November 18, 2003 11:21 AM
> To: Michael Rys
> Cc: xml-dev@l...
> Subject: RE:  Word 2003 schemas available
> 
> 
> thanks for the clarifications.. This illustrates what the PI in XML
can do
> etc..
> 
> I guess if there is some security/access control aspects in XML, then
> probably a right perspective is: how to give access to different
portions
> of an XML document to different users.. I will keep it in mind, if I
have
> to review works in these areas.
> 
> best, murali.
> 
> On Tue, 18 Nov 2003, Michael Rys wrote:
> 
> > The point regarding PIs is that it is just markup and has no
semantics.
> > Only a processor that sees the PI and understands its target will
act on
> > it. It does not introduce "code" into XML any more or any less than
an
> > element with a specific markup.
> >
> > For example, for SQL Server 2000 we designed a so called SQLXML
> > template: an XML file that contains markup with special names that
> > execute a query against a database. We decided to use a special
> > namespace and XML elements for giving this information, but
> > theoretically, we could have used processing-instructions as well.
XSLT
> > processors for example interpret a special PI as an instruction to
> > transform an XML document containing that PI using the indicated
XSLT
> > transform. Theoretically, XSLT could have chosen an XML element in a
> > special namespace for doing so.
> >
> > There are some trade-offs to be made, but neither approach is more
or
> > less secure per se.
> >
> > Best regards
> > Michael
> 
>

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
Email
First Name
Last Name
Company
Subscribe in XML format
RSS 2.0
Atom 0.3
 

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.


Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

XML Editor - Download a 15 Day Free Trial Now >
See What's New in Stylus Studio >
Buy Stylus Studio - XML Editor - Now >
Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.