Re: Hostility to "binary XML" (was Re: XML 2004 webl
On Mon, Nov 22, 2004 at 11:52:09PM +0200, Oleg Tkachenko wrote:
> Liam Quin wrote:
> >One can do validation in the writer and then plausibly skip the sort of
> >checks you mention in a reader, and still be talking about XML, even
> >with today's textual interchange formats.
>
> I believe that would be a disaster from security's "all input is evil"
> point of view.

I didn't say to skip _all_ checks!!! Nor in fact do I think it's a good thing.

A better way is to design a format in which such checks are not needed because the format can't represent the error conditions which Derek mentioned. Doing that generally requires a schema-aware connection (or at least DTD-aware).

In practice I doubt that checking for duplicated attribute values is often a significant CPU expense but I haven't ever measured.

The trick here would be to design the next layer up (the application) to be robust in the face of such errors, and to design the unbinarification layer to deliver the input robustly.

This is an issue for all processing, whether of data generated internally within a program or externally and read as input. Part of the trick to getting it right lies in identifying the boundaries correctly, but there's no single right answer to writing secure and/or robust systems, and relaxing constraints on the input data shouldn't be the deciding factor.

Liam

--
Liam Quin, W3C XML Activity Lead, http://www.w3.org/People/Quin/
http://www.holoweb.net/~liam/
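Added example, not part of the original message and not code from any W3C binary XML proposal: a schema-aware attribute encoding of the kind the message describes, in which a duplicated attribute cannot be represented on the wire, with a reader that still checks everything the format can get wrong. The schema, the wire layout and all names here are assumptions made for illustration.

```python
import struct

# Hypothetical schema shared by writer and reader. Each attribute owns one
# bit of a one-byte presence bitmap, so at most 8 attributes fit.
SCHEMA = ("id", "lang", "href")

class DecodeError(ValueError):
    """Raised by the reader for any input that is not a valid encoding."""

def encode(attrs):
    """Writer: presence bitmap, then length-prefixed values in schema order."""
    unknown = set(attrs) - set(SCHEMA)
    if unknown:
        raise ValueError(f"attributes not in schema: {sorted(unknown)}")
    bitmap, body = 0, b""
    for slot, name in enumerate(SCHEMA):
        if name in attrs:
            raw = attrs[name].encode("utf-8")
            bitmap |= 1 << slot
            body += struct.pack(">H", len(raw)) + raw
    return bytes([bitmap]) + body

def decode(buf):
    """Reader: no duplicate check is needed, but bounds and bits are checked."""
    if not buf:
        raise DecodeError("empty input")
    bitmap, pos, attrs = buf[0], 1, {}
    if bitmap >> len(SCHEMA):
        raise DecodeError("presence bit set for a slot the schema lacks")
    for slot, name in enumerate(SCHEMA):
        if not bitmap & (1 << slot):
            continue
        if pos + 2 > len(buf):
            raise DecodeError(f"truncated length field for {name!r}")
        (size,) = struct.unpack_from(">H", buf, pos)
        pos += 2
        if pos + size > len(buf):
            raise DecodeError(f"value of {name!r} runs past end of input")
        try:
            attrs[name] = buf[pos:pos + size].decode("utf-8")
        except UnicodeDecodeError as exc:
            raise DecodeError(f"value of {name!r} is not UTF-8") from exc
        pos += size
    if pos != len(buf):
        raise DecodeError("trailing bytes after last attribute")
    return attrs
```

The duplicate-attribute check disappears because each attribute has exactly one slot, while the remaining reader checks cover only what the layout can still express: undefined slots, truncation, bad UTF-8 and trailing data.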