W3C home > Mailing lists > Public > public-qt-comments@w3.org > April 2005

Re: W3C Last Call and Media Type request for comments: XQuery and XQueryX

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Thu, 07 Apr 2005 23:06:49 +0200
To: Liam Quin <liam@w3.org>
Cc: ietf-types@iana.org, ietf-xml-mime@imc.org, public-qt-comments@w3.org
Message-ID: <425e9d44.15417140@smtp.bjoern.hoehrmann.de>

* Liam Quin wrote:
>It lets people put XQuery documents on public Web servers that may
>not be configured correctly.  But it's not clear that this is the
>right approach.

What kind of misconfiguration did you have in mind here? Configured to
use an incorrect charset parameter? That's then easily addressed by not
having a charset parameter.

>We expect to add to it later.  Right now the specifications are new
>enough (in terms of Process) that security implications have not
>all been explored.  I'd welcome help in this area.  What sort of
>additional text did you expect in this section?

section 6 covers this. For example, it seems possible to construct a
query such that it loops indefinitely through infinite recursion, that's
probably something implementations should protect against.

>It's non-normative within the context of the XQueryX specification:
>an implementation does not need to support anything here in order
>to claim conformance.  If you do support application/xquery+xml though,
>this is how you must do it.

is not marked non-normative, even though none of the features in that
section are required in order to claim conformance, so this principle
does not seem to be applied consistently; and it seems inconsistent
with other W3C Technical Reports.
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Thursday, 7 April 2005 21:06:27 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:45:23 UTC