Re: Extra headaches of securing XML

To: xml-dev@l...
Subject: Re: Extra headaches of securing XML
From: Gregory Murphy <Gregory.Murphy@e...>
Date: Tue, 30 Mar 2004 11:13:19 -0800 (PST)
In-reply-to: <4069B802.9050302@d...>

Play the video

On Tue, 30 Mar 2004, Rich Salz wrote:

> > and I'd bet a zillion bucks that there are awful vulnerabilities lurking 
> > in the cracks where nobody could possibly have thought to look.  -Tim
> 
> There are some that are inherent in XML itself: entities for example, 
> and the fact that there are no size limits (element name with 1e6 
> characters, or 1e6 attributes, or a document 1e6 elements deep). This 
> makes XML inherently more "dangerous" than classic binary formats like 
> ASN.1/DER.

Maybe SGML would be more secure? Hard limits on element name sizes and
attribute counts could be enforced in the SGML declaration.

// Gregory Murphy.  Isopaleocopria.

References:
- Re: Extra headaches of securing XML
  - From: Rich Salz <rsalz@d...>

Prev by Date: Re: xml databases
Next by Date: RE: Extra headaches of securing XML
Previous by thread: Re: Extra headaches of securing XML
Next by thread: RE: Extra headaches of securing XML
Index(es):
- Date
- Thread

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Subscribe in XML format

RSS 2.0
Atom 0.3

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.

Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >