[XSL-LIST Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Including/importing digitally signed XSLT documents?
Hi Folks, Imagine an XSLT program that uses <xsl:include> to gain access to an XSLT document from an external location (say, a W3C XSLT document). It wouldn't be difficult for an evil person to intercept the ensuing message exchange and return an XSLT document designed to disrupt the proper functioning of the original XSLT program, perhaps even resulting in a denial of service. One approach to prevent this would be to digitally sign the included XSLT document. Of course, it would be horrific if the XSLT programmer had to write code to check the digital signature of every XSLT document he includes/imports. I envision XSLT processors automatically checking the digital signatures and triggering an error to the XSLT programs if the digital signatures fail. Thus, the checking is transparent to the XSLT programmer. Are there any plans to provide this functionality in XSLT 2.1? What other approaches are there for ensuring the safe include/import of XSLT documents at external locations? /Roger
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|