
  • From: David Lee <dlee@c...>
  • To: Simon St.Laurent <simonstl@s...>, "xml-dev@l..."<xml-dev@l...>
  • Date: Sun, 14 Apr 2013 17:56:50 +0000

Seriously curious.
What aspect of XML makes it unsuitable for a hardened data transfer format?
(Assuming the channel itself is hardened).

I know that the US Military is using XML to transfer strategic information in a very hardened fashion.
What aspect of XML makes that something that you would not choose? (and some other format fares better).

Yes, I know that certain *processors* of XML may have vulnerabilities.
But what about the XML format itself makes it inherently less secure?
It's just bits under the hood ... as with any other data format. Isn't security and protection up to the processor of those bits?
Not the bits themselves ?
Perhaps (likely?) I am missing something really obvious ... 


----------------------------------------
David A. Lee
dlee@c...
http://www.xmlsh.org


-----Original Message-----
From: Simon St.Laurent [mailto:simonstl@s...] 
Sent: Sunday, April 14, 2013 1:40 PM
To: xml-dev@l...
Subject: Re:  Features of XML Languages that Increase Complexity?

On 4/14/13 12:08 PM, Costello, Roger L. wrote:
> I reckon there's not much point in creating an awesome XML language
> if its complexity exposes input-processing applications to widespread
> vulnerabilities.

It all depends on the context of that processing.  The vulnerabilities 
you see in XML seem most likely to create denial-of-service 
possibilities, and there are many many cases where at most that creates 
a headache followed by a stern note not to do that again.

If you are striving to create something hardened and operating in real 
time, you probably need either not to use XML or to build some slight 
intelligence and monitoring into your processing system.  I don't think 
any of that work is unusual today.

Letting such processing run fully automatic, especially in an 
environment you consider both critical and already compromised, seems 
like a poor software design decision.

Thanks,
-- 
Simon St.Laurent
http://simonstl.com/
