[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

RE: Extra headaches of securing XML

• To: 'Gregory Murphy' <Gregory.Murphy@e...>, xml-dev@l...
• Subject: RE: Extra headaches of securing XML
• From: "Bullard, Claude L (Len)" <clbullar@i...>
• Date: Tue, 30 Mar 2004 15:34:17 -0600

I'd be surprised if at this point in our history, any would 
reverse two bedrock design decisions and one prejudice:

1. Declaration is hardwired so really ignored by XML.  I'd bet only
   two in five people who work with XML know what an SGML Declaration is 
   and one of them is retiring next year.  It also has features that 
   no one claims to understand let alone knows how to implement, so 
   Lord knows what those would do to the complexity/security problem 
   Tim mentioned.

2. DTDs are bad and validation is optional (except when they aren't such 
   as getting nbsp past IE or overcoming the malformed markup produced 
   by HTML/DHTML era objects).

but a small cadre at Extreme Markup would giggle into 
the wee hours of the morning.

This could restart an old thread about putting 
something-like the SGML Declaration into XML.

len 

(back to cursing the DHTMLEditControl that outputs 
 SGML-like markup that can't be stuffed easily into 
 XML without hacks)

-
From: Gregory Murphy [mailto:Gregory.Murphy@e...]

Maybe SGML would be more secure? Hard limits on element name sizes and
attribute counts could be enforced in the SGML declaration.

• Prev by Date: Re: Extra headaches of securing XML
• Next by Date: Is Microsoft Bollixing Up XAML?
• Previous by thread: RE: Extra headaches of securing XML
• Next by thread: store xml in data structure
• Index(es):
  • Date
  • Thread