IBM DB2 XML functions file creation vulnerabilities

From: Scott Brown <r_dot_scott_dot_brown_at_gmail_dot_com>
Date: Mon May 02 2005 - 10:07:07 CDT

I realize what I'm about to say is hyperbolic, but I still think it's a
valid point: if XML is riddled with security problems, why have companies
(IBM, Sun Microsystems, Computer Associates, Oracle, etc) with successful
track records deploying stable and secure enterprise-class products actively
worked towards adopting it as the standard data format for software

The IT industry took a hard look at XML years ago, asked the hard questions,
addressed the inherent problems that come with any emerging technology and
moved forward with it. We should benefit from that effort.

JamBoi, I realize it might seem that XML has serious detractors in the IT
community because of the results you've gotten through your web searching.
What you must realize is that, with any emerging tech standard, these issues
quickly become religious debates and flame wars. That makes it easy to find
naysayers, but more difficult to cut through the b.s. and really answer the
question at hand: are there any inherent security risks associated with
using XML as a canonical data format for a mission-critical software system?

My strong opinion is "no".

-- Scott

On 5/2/05, JamBoi <> wrote:
> Sure, but that's merely an example of an XML Tek exploit. And
> appearently they are numerous.
> Jammy The Sacred Cow Slayer

OVC discuss mailing lists
Send requests to subscribe or unsubscribe to
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Tue May 31 23:17:06 2005

This archive was generated by hypermail 2.1.8 : Tue May 31 2005 - 23:17:52 CDT