
Re: Possible issue: XXE (Xml eXternal Entity) attack

From: Miles Sabin <miles@milessabin.com>
Date: Wed, 30 Oct 2002 23:07:11 +0000
To: www-tag@w3.org
Message-Id: <200210302307.11361.miles@milessabin.com>

Chris Lilley wrote,
> MS> ... but in at least some cases the very act of attempting
> MS> validation will trigger the dangerous behaviour, e.g. retrieving an
> MS> uncached DTD external subset.
>
> Okay. Although, accepting the original XML message (if it's a
> protocol, say) might be just as dangerous.

Agreed.

Which is why this is a delicate area where guidance is needed: if it
seems like you're damned if you do and you're damned if you don't, then
you're likely to toss a coin and hope for the best.

> MS> Representation retrieval is safe: Agents do not incur obligations
> MS> by retrieving a representation.
>
> Aha. Thanks for being more specific as to the link between the
> security alert you posted and the edits to the Arch doc that should
> result from your input.

Sorry ... I didn't make it anything like clear enough.

Cheers,


Miles
Received on Wednesday, 30 October 2002 18:07:42 GMT
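Editor's added example (not part of the message above, nor any W3C code) showing the two behaviours the thread discusses with only the Python standard library: a parser that resolves external entities will read a local file referenced from the document's own DOCTYPE, and it will also fetch an external DTD subset merely because the document points at one, so the entity leak happens before any element content is examined. The "secret" file and the external DTD are constructed sample data written to a temporary directory so the example runs offline; in a real attack the SYSTEM identifiers would be http:// URLs or file:///etc/passwd. The feature toggled is `xml.sax.handler.feature_external_ges`, which gates expat's external-entity callback in Python's `xml.sax` reader.

```python
"""XXE demonstration with Python's xml.sax (expat): external general
entities and the external DTD subset are retrieved only when the
parser is told to resolve them. Sample data is constructed inline."""
import io
import tempfile
import xml.sax
from pathlib import Path
from xml.sax import handler


class TextCollector(handler.ContentHandler):
    """Accumulates character data so we can see what the parser resolved."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    @property
    def text(self):
        return "".join(self.parts)


def parse_text(xml_bytes, allow_external_entities):
    """Parse xml_bytes and return the concatenated character data.

    allow_external_entities=True mirrors a parser that resolves SYSTEM
    entities and fetches the external DTD subset (the dangerous behaviour
    the thread describes); False is the hardened setting.
    """
    parser = xml.sax.make_parser()
    # feature_external_ges gates ExternalEntityRefHandler in the expat
    # reader: when it is off, both SYSTEM entity references and the external
    # DTD subset are skipped instead of retrieved. Python >= 3.7.1 already
    # defaults it to False; set it explicitly rather than rely on the version.
    parser.setFeature(handler.feature_external_ges, allow_external_entities)
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return collector.text


def build_fixture():
    """Write (secret_path, dtd_path) to a temp dir. Constructed sample data."""
    workdir = Path(tempfile.mkdtemp(prefix="xxe-demo-"))
    secret = workdir / "secret.txt"
    secret.write_text("top secret")
    dtd = workdir / "external.dtd"
    # The external subset declares the entity; the document body only
    # references it, so the leak occurs only if the DTD itself is fetched.
    dtd.write_text(f'<!ENTITY xxe SYSTEM "{secret.as_uri()}">\n')
    return secret, dtd


def internal_subset_doc(secret):
    """Classic XXE: the entity is declared in the document's own DOCTYPE."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE data [<!ENTITY xxe SYSTEM "{secret.as_uri()}">]>\n'
        '<data>&xxe;</data>'
    ).encode()


def external_subset_doc(dtd):
    """The variant raised in the thread: retrieving the uncached external
    DTD subset is what introduces the entity that then reads the file."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE data SYSTEM "{dtd.as_uri()}">\n'
        '<data>&xxe;</data>'
    ).encode()


def run_demo():
    """Parse both documents with and without external entity resolution."""
    secret, dtd = build_fixture()
    results = {}
    for name, doc in (("internal", internal_subset_doc(secret)),
                      ("external-dtd", external_subset_doc(dtd))):
        results[name] = {
            "unsafe": parse_text(doc, allow_external_entities=True),
            "safe": parse_text(doc, allow_external_entities=False),
        }
    return results


if __name__ == "__main__":
    for name, r in run_demo().items():
        print(f"{name}: resolving -> {r['unsafe']!r}; hardened -> {r['safe']!r}")
```

In the hardened runs the `&xxe;` reference is reported as a skipped entity rather than an error, which is the point of the thread: simply refusing to validate is not enough, the receiver also has to decide up front whether it will ever follow a SYSTEM identifier in an incoming message.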
