Rick Jelliffe wrote, > > * Unauthorized access to data stored as XML files on the parsing > > system file system (of course the attacker still needs a way to > > get these data back) > > Err, yes: this is a bit too vague to be credible isn't it. I sketched a scenario here, http://lists.xml.org/archives/xml-dev/200206/msg00247.html (see towards the middle, "unexpected information disclosure"). Maybe still a bit vague, and highly dependent on the functionality of the receiving application ... but I think the possibility is credible enough. Cheers, MilesReceived on Wednesday, 30 October 2002 05:24:48 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:55:44 GMT