[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

RE: Extra headaches of securing XML

• To: 'Tim Bray' <tbray@t...>
• Subject: RE: Extra headaches of securing XML
• From: "Bullard, Claude L (Len)" <clbullar@i...>
• Date: Tue, 30 Mar 2004 12:44:58 -0600
• Cc: "'Hunsberger, Peter'" <Peter.Hunsberger@s...>, xml-dev@l..., Gerben Rampaart <VisualBasic@H...>

That would be my take too.  We're outdriving the headlights 
on roads we've not traveled.  When asked to rebut, I replied 
that they should get security experts and recommended one 
from this list as a place to start.  These are issues worth 
understanding better.

len


From: Tim Bray [mailto:tbray@t...]

On Mar 30, 2004, at 8:40 AM, Bullard, Claude L (Len) wrote:

> It isn't a very good article.

It could have been worse.  His editor was telling him to write that XML 
was inherently less secure because it was textual and therefore more 
readable.  Yow.  With respect to Web Services, I think the key point is 
indeed that all this WS-mumble stuff is becoming frighteningly complex 
and I'd bet a zillion bucks that there are awful vulnerabilities 
lurking in the cracks where nobody could possibly have thought to look. 
  -Tim

• Prev by Date: Re: Extra headaches of securing XML
• Next by Date: SAX2: When to resolve System Ids
• Previous by thread: Re: Extra headaches of securing XML
• Next by thread: RE: Extra headaches of securing XML
• Index(es):
  • Date
  • Thread