Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: XML Redux
 Original Message From: "Richard Salz" >> For example, all the classes would likely have some common base class >> interface and be created by some factory or other. >Eww, yuck. :) Show me a better way that doesn't require prior knowledge of the XML format. > More technically, that is not the best way to go if you care about > performance or security. > Performance -- Why should I bother to intern a string if it's an > int? Cf, .... That method appears to require an a-priori schema. If I have that I don't need the sender to tell me somethings an int. I already know that. (I do have to check the right format.) And as I understand it, the approach described is far from the norm anyway, and thus only peripherally relevant. > Security -- why should I let a bad-guy send me millions of bytes > just to parse the number 23, unless I like DoS attacks? (Of course, a > really secure solution would have the schema beforehand, but that might > not always be possible.) So they send you a million byte string instead, and call it a string! They can still DoS you. The sender being able to say something's a number doesn't help with this. Pete Cordell Codalogic Ltd Interface XML to C++ the easy way using C++ XML data binding to convert XSD schemas to C++ classes. Visit http://codalogic.com/lmx/ or http://www.xml2cpp.com for more info 
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] |
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
