- From: Rich Salz <rsalz@datapower.com>
- Date: Tue, 16 Jul 2002 14:07:04 -0400
- To: www-xml-linking-comments@w3.org

A posting on the xml-dev list mentioned that an XPointer client is required to send a schemaLocation URL, and that the XPointer server is required to dereference and process it.

If this is true, I have strong concerns about the security implications of this. For example, a client can send a URL that it does not have read access to. One interesting possibility would be to send "file:///etc/passwd" and parse the faults the server sends back, in an attempt to glean account information from the error messages.

A client could also send -- through programming error or deliberate misuse -- a URL that the server has no access to. This would lead to confusion and possible denial of service attacks. For example, imagine the client sending "https" URLs to a deliberately slow server, thereby slowing down the XPointer server to an unacceptable level.

As a general rule, without a rich security framework in place (i.e., one that supports delegation and/or impersonation), it is always risky for one agent to give another a pointer to a reference that must be resolved by the second. Better practice is for the first to send along all relevant data in one go.

If, however, the note in xml-dev (or my understanding of it) is wrong, please ignore this message. :)

Thank you.

/r$

Received on Tuesday, 16 July 2002 14:07:20 UTC
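
The two concerns raised in the message above (faults that leak what the server could read, and time lost on a slow remote host) can be reduced on the server side when dereferencing cannot be avoided. The following is an added example, not part of the original message or of any XPointer implementation; the allowlist, host name, timeout value, and the `fetch` callback are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example (not from the original message).
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"schemas.example.org"}    # constructed allowlist
FETCH_TIMEOUT_SECONDS = 3                  # bounds time spent on a slow remote server
GENERIC_FAULT = "schemaLocation rejected"  # identical text for every failure


def vet_schema_location(url):
    """Return (allowed, internal_reason); the reason is for server logs only."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {scheme!r} not allowed"  # covers file:
    if parts.username or parts.password:
        return False, "userinfo present"
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not on allowlist"
    if port not in (None, 443):
        return False, f"port {port} not allowed"
    return True, "ok"


def handle_request(url, fetch):
    """fetch(url, timeout) is a caller-supplied function (hypothetical)."""
    allowed, _reason = vet_schema_location(url)
    if not allowed:
        # The detailed reason stays in the log; the client sees one fault text,
        # so fault messages cannot be parsed for information about the server.
        return {"fault": GENERIC_FAULT}
    try:
        return {"schema": fetch(url, FETCH_TIMEOUT_SECONDS)}
    except Exception:
        # Timeouts and fetch errors map to the same fault as policy rejections.
        return {"fault": GENERIC_FAULT}
```
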