attached mail follows:
> > 3. Make the schemalocation hint manditory to provide, and manditory to > > dereference for Schema-Loading, WRT XPointer. > > This option really scares me! Me too, but for security reasons. Mandatory to deref means that I as the client can force a server to go open a file of my choosing. That's scary. Suppose I send the server schemaLocation="file:///etc/passwd" -- I could probably guess some account names from the helpful fault information that comes back. /r$ ----------------------------------------------------------------- The xml-dev list is sponsored by XML.org <http://www.xml.org>, an initiative of OASIS <http://www.oasis-open.org> The list archives are at http://lists.xml.org/archives/xml-dev/ To subscribe or unsubscribe from this list use the subscription manager: <http://lists.xml.org/ob/adm.pl> -- Henry S. Thompson, HCRC Language Technology Group, University of Edinburgh W3C Fellow 1999--2002, part-time member of W3C Team 2 Buccleuch Place, Edinburgh EH8 9LW, SCOTLAND -- (44) 131 650-4440 Fax: (44) 131 650-4587, e-mail: ht@cogsci.ed.ac.uk URL: http://www.ltg.ed.ac.uk/~ht/ [mail really from me _always_ has this .sig -- mail without it is forged spam]Received on Wednesday, 17 July 2002 09:17:13 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:39:44 GMT