April 3rd, 2002, 05:39 AM
|
 |
Administrator
|
|
Join Date: Jul 2001
Location: The Netherlands
Posts: 12,461
|
|
XML security risks
Quote:
Few things have lubricated the wheels of commerce better than the ability to have virtually any computer talk to any other. But mere connection is not enough. Without a common data-interchange language, programming can be as frustrating as the general contractor's job at the Tower of Babel.
XML (eXtensible Markup Language) changes that: It completes the Internet. XML creates a universal standard for document and data exchange by describing the logical structure of a document and by creating tags that contain and define data. The XML tag teaches the receiving program how to read the data. As XML adds new tags to HTML, the tags define their content. An entire document can be described with a DTD (document type definition), so a program that has never seen a given document before knows what data to expect and whether it is complete. Increasingly, data is being stored in XML format in databases, because this format eliminates the overhead common to relational databases and creates complex schemas for multiple tables that can work across products and platforms.
And there's the rub. When you package your data definitions along with your data, you're giving anyone who can access the data the keys to the castle—the content as well as the context. You're also extending the HTML, giving it new power, including opening potential security holes.
Securing XML Data...
|
Read the full article:
http://www.pcmag.com/article/0,2997,...a=24651,00.asp
__________________
01110010 01100101 01100111 01100001 01110010 01100100 01110011 00100000 01110000 01100001 01110101 01101100
|
