W3C home > Mailing lists > Public > xml-dist-app@w3.org > May 2000

RE: XML Protocols Shakedown

From: Andrew Layman <andrewl@microsoft.com>
Date: Mon, 22 May 2000 15:36:23 -0700
Message-ID: <7CD674FF54FBD21181D800805F57CD540D226DF1@RED-MSG-44>
To: "'Michael Condry'" <Michael.Condry@eng.sun.com>, xml-dist-app@w3.org, connolly@w3.org
Is there something specific about XML schemas that raises a security issue? 

Dan: If there is, this should be brought to the attention of the schemas WG,
no? 

Thanks in advance,
Andrew Layman

-----Original Message-----
From: Michael Condry [mailto:Michael.Condry@eng.sun.com]
Sent: Monday, May 22, 2000 11:40 AM
To: xml-dist-app@w3.org; connolly@w3.org
Subject: Re: XML Protocols Shakedown


I made an earlier email comment about a "Lack of Sandbox".


The point is the lack of ability to contain things with
an application level protocol that allows an general
execution engine (by the schema).   This is nothing
to do with the Java Sandbox.

We can contain the message with HTTPs. but that does
not contain what can result from having the action resulting
from the data in the message as defined from the schema.


Yes, yes, yes if we restrict the schema but that is
not being discussed yet.

With a general schema we can create the AIDS of viruses
copy everyone credit cards and distribute them
over ILOVEYOU.pl....
Received on Monday, 22 May 2000 18:37:07 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:58:56 GMT