[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

RE: Postel's law, exceptions


parser postel
As I sit here reading articles on digital rights management, 
I find parallels between the 'soft' and 'hard' approaches to 
DRM and 'soft' and 'hard' approaches to accepting formed and 
valid content.

It possibly means nothing, but it seems to point to a policy
based management systems as approaches to both.

len

-----Original Message-----
From: Elliotte Rusty Harold [mailto:elharo@m...]

Absolutely. In an XML context, a parser does not assume that the 
document is well-formed. It checks everything it can possibly check, 
and accepts as input any stream of characters, including characters 
that are illegal in XML. Most parsers also operate on streams of 
bytes and accept absolutely any bytes. The strict nature of XML, and 
the attention paid to well-formedness, means that it's relatively 
hard to slip in damaging data by violating the assumptions about the 
input.

It's certainly possible to send data that the parser vendor did not 
anticipate. However, if that data does not match the XML grammar, the 
parser will reject it. The very nature of an XML parser is to prove 
(almost if not quite mathematically) that a certain sequence of 
characters satisfies the grammar. While parsers of other formats are 
often implemented by assuming the data is good, XML parsers do not 
assume this unless they can prove it. Many parsers for other formats 
(as well many fast pseudo-XML parsers that have not been widely 
adopted in practice) assume that the data looks like they expect, and 
try to read it without actually checking it first. This is one way 
security holes arise.

Of course XML parsers, can and do have bugs. However, when they do, 
it's very easy to point at the spec and tell the vendor, "Your parser 
is buggy. Fix it." When it comes to basic well-formedness checking 
the major parsers today have very few if any bugs. The only ones I 
can think of off the top of my head all involve parsers being too 
strict and rejecting data they should accept, rather than the other 
way around.

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
Email
First Name
Last Name
Company
Subscribe in XML format
RSS 2.0
Atom 0.3
 

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.


Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.