RE: XForms - Secure or Insecure?

Hi Gary,

With regard to "but then the document is an XML document and therefore
should not execute":

I've been musing on this issue for a while, though I have never tested my musings.
HTML can be expressed as XML, and HTML can contain malicious script or
redirects. Therefore, is it possible for an XForms to have a model that is an
HTML file with malicious script/redirects?

Also an XML file can reference an XSLT and when loaded into the browser the
XML is translated. Could the translated output be an HTML file with malicious
script/redirects?

Anyone know the definitive answers? Seems feasible to me. Might be something
the 1.1 spec. should address.

Cheers,
DAN

-----Original Message-----
From: Gary Stewart [mailto:gary@deltagreen.co.uk]
Sent: 20 August 2004 11:10
To: www-forms@w3.org
Subject: Re: XForms - Secure or Insecure?



On Fri, 20 Aug 2004 cperec@infopac.ru wrote:

> There are two potential sources of security concern:
> 1. That a malicious XForms-containing document can upload files from a user's
> computer without their knowledge
> 2. A malicious XForms-containing document could download a virus or other 
> nasty to the user's computer.

I'm not sure on what basis you assume that this happens. It is correct
that XForms supports both uploading and downloading of files; however, the
only way that the user would be unaware of this is if the client allowed
this to be automated (and I assure you that people writing clients won't
do this, well not if they want the client to be used anyway). 

You can ask for a file to be uploaded, if so, this will invoke a File
Chooser which can be filtered (say if you are expecting an audio file) in
much the same way that you can upload files using an online mail system. 

You can also write the current XML document to the local disk, but again
the user will probably be asked (not always in this case, but then the
document is an XML document and therefore should not execute). For example
XSmiles will warn if you are trying to save a new file and if you are
trying to replace an existing file. Others might allow new files to be
generated automatically, or for a file chooser (save as... type thing) to
be invoked upon a write to disk being requested.

Hope this helps alleviate your concerns.

Gary

Received on Friday, 20 August 2004 11:53:42 UTC