[XSL-LIST Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] How to circumvent read-only permission
Michael Kay wrote: > I've certainly seen (and written) real applications in which > xsl:evaluate (or equivalent) was used to evaluate XPath > expressions read from cells in Excel spreadsheets. The > operating system has no idea this is going on, so the > distinction between read permission and execute > permission is meaningless. Wow! Let me be sure that I understand the full implications of this. Consider this scenario: We have an XML document that, for whatever reason, must be read-only. It must not be written to (no write permission) and it must not be executed (no execute permission). The operating system understands this and will enforce this. However, if the XML document contains XPath expressions, then the XSLT program that is reading the XML document can read the XPath expressions and execute them using xsl:evaluate. So, in a sense, the XML document is being executed. And, the operating system has no idea that the XML document is being executed and no way to prevent it. This is a way to circumvent the operating system's enforcement of read-only permission. Do I understand correctly? Have I described the full implications of this scenario or is there more to be learned from the scenario? Or is Michael alluding to some other scenario? /Roger
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|