[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] RE: Excellent IETF BCP on XML
Nitpicking: s/long before/exactly when/ [1] http://www.openhealth.org/RDDL/20010102/rddl-20010102.htm -- <green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760 > -----Original Message----- > From: Miles Sabin [mailto:miles@m...] > Sent: Friday, November 22, 2002 9:35 PM > To: XML Dev > Subject: Re: Excellent IETF BCP on XML > > > Simon St.Laurent wrote, > > rsalz@d... (Rich Salz) writes: > > > No, a namespace URI is an identifier, and therefore need not be > > > followed. The document (which is excellent) is talking about, you > > > know, external ENTITY things. > > > > So is RDDL now a security risk? > > Potentially ... yes. > > How many times have we discussed the external entity thing on this list > now? Any of the issues with them apply equally here. > > And in fact David Megginson warned about the dangers of automagically > dereferencing namespace URIs long before RDDL came along, > > http://lists.xml.org/archives/xml-dev/200101/msg00057.html > > Cheers, > > > Miles > > ----------------------------------------------------------------- > The xml-dev list is sponsored by XML.org <http://www.xml.org>, an > initiative of OASIS <http://www.oasis-open.org> > > The list archives are at http://lists.xml.org/archives/xml-dev/ > > To subscribe or unsubscribe from this list use the subscription > manager: <http://lists.xml.org/ob/adm.pl> >
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|