[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

RE: The <any/> element: bane of security or savior ofversionin

• From: Rick Jelliffe <rjelliffe@a...>
• To: xml-dev@l...
• Date: Sat, 20 Oct 2007 03:17:24 +1000

On Fri, 2007-10-19 at 17:08 +0100, Michael Kay wrote:
> > > When Any occurs in xml documents that are ran through process X the 
> > > system crashes.
> 
> Well, clearly you should either fix the bug in the application or put a
> fence around it to protect it from data it can't handle. 

Doesn't this assume open source or system configurability?  

Or, to put it another way, when people don't have access to the source
or when they are required to use canned COTS installations out of their
control, almost any feature badly implemented can be labelled a risk. So
what people are identifying is not a risk of XML but a risk of some
applications they have seen. 

Cheers
Rick Jelliffe 

• References:
  • The <any/> element: bane of security or savior of versioning?
    • From: "Costello, Roger L." <costello@m...>
  • Re: The <any/> element: bane of security or savior of versioning?
    • From: David Carlisle <davidc@n...>
  • Re: The <any/> element: bane of security or savior of versioning?
    • From: "bryan rasmussen" <rasmussen.bryan@g...>
  • Re: The <any/> element: bane of security or savior of versioning?
    • From: "bryan rasmussen" <rasmussen.bryan@g...>
  • RE: The <any/> element: bane of security or savior of versioning?
    • From: "Michael Kay" <mike@s...>