[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

RE: xsd validation was RE: XPath/XSLT 2.0 concerns

• To: <xml-dev@l...>
• Subject: RE: xsd validation was RE: XPath/XSLT 2.0 concerns
• From: "Gerben Rampaart (Casnet Rotterdam)" <Gerben@C...>
• Date: Thu, 3 Oct 2002 14:33:42 +0200
• Importance: Normal
• In-reply-to: <Pine.LNX.4.44L0.0210030714160.32525-100000@s...>

>I know of several places where folks are doing schema validation on *their
>own output* as well as everywhere they get an incoming XML message.
>Perhaps they are less sanguine than you are about bugs.

It is pretty obvious that I am referring to the fact that XML is used by
many developers as an easy data storage which they put in and pull out data
and is handled without much fuzz by the parser ... it is just an easier way
of app developement. Is this very elegant ? ermmm ... no. But take into
consideration that XML is perfectly useable without DTD / XSD which requires
more knowledge of XML and the gain is (in this situation) minimal.

>These are mostly financial institutions.  As some of them have some of my
>money, I'm glad they are so cautious.

I sure hope that those financial institutions you talk about use secure
connections and heavy encryption for their communications and not depend no
DTD or XSD to filter out malicious parties.

Gerben.


-----Original Message-----
From: Rich Salz [mailto:rsalz@d...]
Sent: 03 October 2002 13:18
To: Gerben Rampaart (Casnet Rotterdam)
Cc: bryan; 'Tim Bray'; xml-dev@l...
Subject: RE:  xsd validation was RE:  XPath/XSLT 2.0
concerns


> Indeed, not many I would think. Truth is that many developers / teams
choose
> for XML as the communication language between various components of their
> application which they all write themselves. And why would you use
> validation in such a case ? You know perfectly well which XML is being
> generated ... it's not going to change overnight. One side on the app
> generates and the other side receives (and vice-versa) ... no need for a
DTD
> or XSD.
>
> Agreed ?

No.

I know of several places where folks are doing schema validation on *their
own output* as well as everywhere they get an incoming XML message.

Perhaps they are less sanguine than you are about bugs.  Or more
realistic. :)  They are also concerned about malicious parties introducing
bad data.

These are mostly financial institutions.  As some of them have some of my
money, I'm glad they are so cautious.
	/r$

• References:
  • RE: xsd validation was RE: XPath/XSLT 2.0 concerns
    • From: Rich Salz <rsalz@d...>

• Prev by Date: RE: Are hyperlinks presentation or content?
• Next by Date: Re: Are hyperlinks presentation or content?
• Previous by thread: RE: xsd validation was RE: XPath/XSLT 2.0 concerns
• Next by thread: Re: xsd validation was RE: XPath/XSLT 2.0 concerns
• Index(es):
  • Date
  • Thread