[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [ubl-dev] Treasury Tag Pattern: to 'glue' two instances havingdifferent schemas
Chin Chee-Kai: You are correct. I am merely displaying my personal displeasure with xs:any. I always felt it was like declaring "We think that's probably good enough but there may be something we missed" which I equate to sloppy engineering practices. It is a personal nit and I am prone to attack it in *any* place I see it used (begging pardon on the pun also). ;-) Duane Chin Chee-Kai wrote: >On Tue, 12 Jul 2005, Duane Nickull wrote: > > > >>>.... You would have to have some out of >>>bandwidth agreement with the receiver .... >>> >>> > >Did you mean "out-of-band agreement", or did I miss your pun >that the agreement would be so voluminous as to run out of >bandwidth? > > > > >>>DN - agree with UBL thinking. xs:any is harmful for interoperability >>>since an instance may pass but could have anything in it. It also >>>leaves the door wide open for DoS attacks (a couple hundred mbs of CDATA >>>could be added to messages and they would be processed). >>> >>> > >I can appreciate your words of caution on use of xsd:any, but >won't go so far as to associate xsd:any as a "built-in security >weakness" of XSD that allows DoS attacks ; a simple proof would be >to see that DoS attacks can occur with huge incoming UBL 1.0 >invoice/PO/etc instances even though UBL 1.0 has no use of xsd:any. >I shan't say how, but probably most would easily figure it out. > > > >Best Regards, >Chin Chee-Kai >SoftML >Tel: +65-6820-2979 >Fax: +65-6743-7875 >Email: cheekai@SoftML.Net >http://SoftML.Net/ > > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]