[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [ubl-dev] Treasury Tag Pattern: to 'glue' two instances having different schemas
On Tue, 12 Jul 2005, Duane Nickull wrote: >>.... You would have to have some out of >>bandwidth agreement with the receiver .... Did you mean "out-of-band agreement", or did I miss your pun that the agreement would be so voluminous as to run out of bandwidth? >>DN - agree with UBL thinking. xs:any is harmful for interoperability >>since an instance may pass but could have anything in it. It also >>leaves the door wide open for DoS attacks (a couple hundred mbs of CDATA >>could be added to messages and they would be processed). I can appreciate your words of caution on use of xsd:any, but won't go so far as to associate xsd:any as a "built-in security weakness" of XSD that allows DoS attacks ; a simple proof would be to see that DoS attacks can occur with huge incoming UBL 1.0 invoice/PO/etc instances even though UBL 1.0 has no use of xsd:any. I shan't say how, but probably most would easily figure it out. Best Regards, Chin Chee-Kai SoftML Tel: +65-6820-2979 Fax: +65-6743-7875 Email: cheekai@SoftML.Net http://SoftML.Net/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]