Re: Comment: untrusted environments and security

I wonder if we should add a new section somewhere:

#.# Security Considerations

An XProc pipeline may attempt to access arbitrary network resources:
steps such as p:load and p:http-request can attempt to read from an
arbitrary URI; steps such as p:store can attempt to write to an
arbitrary location.

In some environments, it may be inappropriate to provide the XProc
pipeline with access to these resources. In a server environment, for
example, it may be impractical to allow pipelines to store data. In
environments where the pipeline cannot be trusted, allowing the
pipeline to access arbitrary resources may be a security risk.

A conformant XProc processor may limit the resources available to any
or all steps in a pipeline. It is a dynamic error (err:XD00xx) if a
step attempts to access a resource for which access is forbidden.

                                        Be seeing you,
                                          norm

-- 
Norman Walsh <ndw@nwalsh.com> | Everything should be made as simple as
http://nwalsh.com/            | possible, but no simpler.

Received on Friday, 28 September 2007 16:30:11 UTC
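The restriction the proposed section allows ("a conformant XProc processor may limit the resources available to any or all steps") is the kind of check a processor would run before p:load, p:http-request or p:store touch anything. The following is an added example written for this page, not code from the XProc specification or from any XProc processor: a deny-by-default allowlist of URI prefixes, with the `ResourcePolicy` class, `ResourceAccessError`, the `SERVER_POLICY` prefixes and the step-to-operation mapping all being the editor's assumptions. The proposal's `err:XD00xx` is a placeholder, so no error code is attached to the exception. The URI is canonicalised before matching so that case differences, percent-encoded or literal `..` segments, and look-alike hosts do not slip past a plain prefix comparison.

```python
"""Deny-by-default resource policy for an XProc-style pipeline processor.
Editor's example; not part of the XProc specification or any processor."""
import posixpath
from dataclasses import dataclass
from urllib.parse import unquote, urlsplit, urlunsplit


class ResourceAccessError(Exception):
    """The dynamic error the proposal describes: a step tried to touch a
    forbidden resource. No err:XD00xx code is attached; it is a placeholder."""

    def __init__(self, step, op, uri):
        super().__init__(f"{step}: {op} access to {uri!r} is forbidden")
        self.step, self.op, self.uri = step, op, uri


def normalize_uri(uri):
    """Canonicalise a URI before comparing it with the policy.
    Assumes the processor has already resolved it against the base URI."""
    parts = urlsplit(uri)
    if not parts.scheme:
        raise ValueError(f"relative URI reached the policy check: {uri!r}")
    # Decode percent-encoding first so '%2e%2e' is seen as '..'. Decoding an
    # encoded '/' too is deliberately conservative for a deny-by-default check.
    path = posixpath.normpath(unquote(parts.path or "/"))
    if parts.path.endswith("/") and not path.endswith("/"):
        path += "/"          # normpath strips the trailing slash; keep it
    # Scheme and host are case-insensitive; fragments never reach the server.
    return urlunsplit((parts.scheme.lower(), parts.netloc.lower(),
                       path, parts.query, ""))


@dataclass(frozen=True)
class ResourcePolicy:
    """Allowlists of normalised URI prefixes. Anything not listed is forbidden."""
    read_prefixes: tuple = ()
    write_prefixes: tuple = ()

    def __post_init__(self):
        for p in self.read_prefixes + self.write_prefixes:
            # A prefix must end in '/': 'https://h/data' would otherwise also
            # admit 'https://h/data-old/...' and 'https://h.example.net/...'.
            if not p.endswith("/") or normalize_uri(p) != p:
                raise ValueError(f"prefix must be normalised and end in '/': {p!r}")

    def check(self, step, op, uri):
        """Return the normalised URI if access is allowed, else raise."""
        if op not in ("read", "write"):
            raise ValueError(f"unknown operation {op!r}")
        allowed = self.read_prefixes if op == "read" else self.write_prefixes
        target = normalize_uri(uri)
        if not any(target.startswith(p) for p in allowed):
            raise ResourceAccessError(step, op, uri)
        return target


def step_operation(step, method="GET"):
    """Map the steps named in the proposal onto read/write. Assumption: an
    HTTP method other than GET/HEAD sends data and is treated as a write."""
    if step == "p:load":
        return "read"
    if step == "p:http-request":
        return "read" if method.upper() in ("GET", "HEAD") else "write"
    if step == "p:store":
        return "write"
    raise ValueError(f"no resource policy defined for {step}")


def authorize(policy, step, uri, method="GET"):
    return policy.check(step, step_operation(step, method), uri)


def is_forbidden(policy, step, uri, method="GET"):
    try:
        authorize(policy, step, uri, method)
        return False
    except ResourceAccessError:
        return True


# Assumed server-side policy: two readable trees, and no stores at all, as the
# proposal suggests for a server environment. Prefixes are constructed samples.
SERVER_POLICY = ResourcePolicy(
    read_prefixes=("https://data.example.com/feeds/",
                   "file:///srv/pipelines/input/"),
    write_prefixes=(),
)


def run_demo(policy=SERVER_POLICY):
    """Constructed step/URI attempts; returns (step, uri, verdict) triples."""
    attempts = [
        ("p:load", "HTTPS://Data.Example.com/feeds/news.xml", "GET"),
        ("p:load", "https://data.example.com/feeds/../admin/config.xml", "GET"),
        ("p:load", "https://data.example.com.evil.net/feeds/news.xml", "GET"),
        ("p:load", "file:///srv/pipelines/input/%2e%2e/%2e%2e/etc/passwd", "GET"),
        ("p:http-request", "https://data.example.com/feeds/submit", "POST"),
        ("p:store", "file:///srv/pipelines/input/result.xml", "GET"),
    ]
    return [(step, uri, "forbidden" if is_forbidden(policy, step, uri, m) else "allowed")
            for step, uri, m in attempts]


if __name__ == "__main__":
    for step, uri, verdict in run_demo():
        print(f"{verdict:9} {step:15} {uri}")
```

The decision is made on the canonical form but the processor still fetches whatever the policy returns from `check`, so both sides of the comparison see the same string; comparing the raw URI against the allowlist and then fetching it would let `data.example.com.evil.net` or an encoded dot-segment through.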