XML Editor - Download a Free Trial >
See What's New >
Buy Now >

[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: XML is Mobile Code? [was: Defining an XML vocabulary: spec

  • From: "bryan rasmussen" <rasmussen.bryan@g...>
  • To: "Costello, Roger L." <costello@m...>
  • Date: Sat, 12 Apr 2008 13:49:10 +0200
Re: XML is Mobile Code? [was: Defining an XML vocabulary: spec
Play the video
Well the 'boundedness' of the code is determined by the processor
which implements the specification. Boundedness is generally a
function of environmental limitations, see Principle of Least
Privilege. The example you gave was XSL-T, as a general rule while
XSL-T is a Turing complete language like JavaScript it tends to have
less privilege than JavaScript.

Cheers,
Bryan Rasmussen

On Sat, Apr 12, 2008 at 1:15 PM, Costello, Roger L. <costello@m...> wrote:
> Hi Folks,
>
>  It just occurred to me ...
>
>  We have determined that XML has two primary roles:
>
>     1. Encode behavior (instructions)
>
>     2. Encode data
>
>  [Len, what does it mean to "encode script nodes?"]
>
>  In its first role (encoding behavior), XML is mobile code.  For
>  example, the XSLT vocabulary is an encoding of a certain behavior (i.e.
>  an encoding of a certain set of instructions), and when you transport
>  an XSLT document across the Internet, you are transporting code.
>
>  When you transport, say, JavaScript code across the Internet, you know
>  the extent of the security implications since JavaScript is a bounded
>  syntax with bounded capabilities (and a bounded set of security
>  problems).
>
>  But XML is unbounded, and the types of behavior that may be encoded in
>  XML is unbounded.  Thus, there is no way, in general, to assess the
>  extent of the security implications for arbitrary XML documents.
>  Yikes!
>
>  I am surely missing something.  Please tell me where my thinking errs.
>
>  /Roger
>
>
>  _______________________________________________________________________
>
>  XML-DEV is a publicly archived, unmoderated list hosted by OASIS
>  to support XML implementation and development. To minimize
>  spam in the archives, you must subscribe before posting.
>
>  [Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/
>  Or unsubscribe: xml-dev-unsubscribe@l...
>  subscribe: xml-dev-subscribe@l...
>  List archive: http://lists.xml.org/archives/xml-dev/
>  List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
>
>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
Email
First Name
Last Name
Company
Subscribe in XML format
RSS 2.0
Atom 0.3
 

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.


Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

XML Editor - Download a 15 Day Free Trial Now >
See What's New in Stylus Studio >
Buy Stylus Studio - XML Editor - Now >
Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.