[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

FW: XML Schemas: Best Practices

  • From: "Arnold, Curt" <Curt.Arnold@h...>
  • To: "'xml-dev@l...'" <xml-dev@l...>
  • Date: Wed, 17 Jan 2001 09:51:41 -0700

schema type substitution


-----Original Message-----
From: Arnold, Curt 
Sent: Tuesday, January 16, 2001 5:41 PM
To: 'Roger L. Costello'
Subject: RE: XML Schemas: Best Practices


One imported dimension that must be considered is whether retrieval of potentially hostile schema resources is required for extensibility.  Basically, it would be pretty easy to write schemas that
exploited holes in schema processors to do denial of service type attacks.  Most production systems would only trust schema resources that were predetermined as being safe and would depend on cached
versions of those resources.  If you went to XTech 2000, basically the same idea of David Megginson's, "When XML turns Ugly" presentation (http://www.megginson.com/ugly/index.html)

If you require retrieving schema resources to perform extension, then you are limiting those with the ability to extend the schema to those well-known and trusted organizations and even then you
wouldn't do it dynamically in case someone broke into the MIT offices that host the W3C servers.  That is, a W3C schema that used those methods could not be extended by Example, Inc, if it depended on
loading a schema resource from http://www.example.com .

>         <Book xsi:type="BookTypePlusReviewer">
...
>              <Reviewer>Roger Costello</Reviewer>
>         </Book>
> 

If the schema processor can't retrieve or doesn't trust the schema resource for BookTypePlusReviewer (I assume that you meant it to be in a different namespace so it could be in a different schema
from the base Book definition), it can't verify that costello:BookTypePlusReviewer is derived from BookType and would have to reject the document.

Using <any processContents="lax"/> or similar allow you to accept documents with subsections that you don't have (or don't trust) the schema resources.  Type substitution requires that you do trust.

I can't really fully respond at this time, more to follow tomorrow.

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
Email
First Name
Last Name
Company
Subscribe in XML format
RSS 2.0
Atom 0.3
 

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.


Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.