- From: Alex Milowski <alex@milowski.org>
- Date: Thu, 7 Jun 2007 10:00:15 -0700
- To: public-xml-processing-model-wg <public-xml-processing-model-wg@w3.org>
We had a discussion today and a straw poll about parameters to the
pipeline and whether or not they are passed to steps by default. I think
this is expected behavior in the case where a user takes an XSLT
transformation and then places it in a simple pipeline with some
set of pre-steps like XInclude.
I reject the argument against this because of security concern as:
* parameters are no different than pipeline inputs or outputs in
terms of security. That is, if you are concerned about pipeline
invocation from a security perspective, all inputs--xml or parameters--are
equally troubling.
* the pipeline author now has the control to exclude pipeline
parameters from a step. This means a pipeline author can write
a "secure step" than can't be affected by pipeline parameters
* true security relies upon securing the execution environment from
doing harm to the local system (e.g. as a "jail" or "secure VM"). As such,
parameters, inputs, and outputs have little to do with this.
--
--Alex Milowski
"The excellence of grammar as a guide is proportional to the paucity of the
inflexions, i.e. to the degree of analysis effected by the language
considered."
Bertrand Russell in a footnote of Principles of Mathematics
Received on Thursday, 7 June 2007 17:00:19 UTC