Pipeline Parameters by Default

We had a discussion today and a straw poll about parameters to the
pipeline and whether or not they are passed to steps by default.  I think
this is expected behavior in the case where a user takes an XSLT
transformation and then places it in a simple pipeline with some
set of pre-steps like XInclude.

I reject the argument against this because of security concerns, as:

  * parameters are no different than pipeline inputs or outputs in
    terms of security.  That is, if you are concerned about pipeline
    invocation from a security perspective, all inputs--XML or parameters--are
    equally troubling.

  * the pipeline author now has the control to exclude pipeline
    parameters from a step.  This means a pipeline author can write
    a "secure step" that can't be affected by pipeline parameters.

  * true security relies upon securing the execution environment from
    doing harm to the local system (e.g. as a "jail" or "secure VM").  As such,
    parameters, inputs, and outputs have little to do with this.

-- 
--Alex Milowski
"The excellence of grammar as a guide is proportional to the paucity of the
inflexions, i.e. to the degree of analysis effected by the language
considered."

Bertrand Russell in a footnote of Principles of Mathematics

Received on Thursday, 7 June 2007 17:00:19 UTC