RE: The <any/> element: bane of security or savior of versioni

From: "Michael Kay" <mike@s...>
To: "'Costello, Roger L.'" <costello@m...>,<xml-dev@l...>
Date: Fri, 19 Oct 2007 13:17:54 +0100

Play the video

> From a security perspective the <any/> element represents a 
> high risk and should be avoided if possible. 

Why? This sounds as crazy as banning .xml attachments (or .zip attachments)
as a security risk. 

If you want to stop people communicating, then regulating the markup that's
used isn't going to achieve the aim.

If you want to stop recipients of information doing bad things, then control
the recipients.

Michael Kay
http://www.saxonica.com/

References:
- The <any/> element: bane of security or savior of versioning?
  - From: "Costello, Roger L." <costello@m...>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Subscribe in XML format

RSS 2.0
Atom 0.3

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.

Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >