Subject: Re: [xsl] Including/importing digitally signed XSLT documents? From: "G. Ken Holman" <gkholman@xxxxxxxxxxxxxxxxxxxx> Date: Fri, 21 May 2010 12:32:50 -0400 |
Imagine an XSLT program that uses <xsl:include> to gain access to an XSLT document from an external location (say, a W3C XSLT document). It wouldn't be difficult for an evil person to intercept the ensuing message exchange and return an XSLT document designed to disrupt the proper functioning of the original XSLT program, perhaps even resulting in a denial of service.
One approach to prevent this would be to digitally sign the included XSLT document. Of course, it would be horrific if the XSLT programmer had to write code to check the digital signature of every XSLT document he includes/imports.
I envision XSLT processors automatically checking the digital signatures and triggering an error to the XSLT programs if the digital signatures fail. Thus, the checking is transparent to the XSLT programmer.
Are there any plans to provide this functionality in XSLT 2.1?
What other approaches are there for ensuring the safe include/import of XSLT documents at external locations?
-- XSLT/XQuery training: after http://XMLPrague.cz 2011-03-28/04-01 Vote for your XML training: http://www.CraneSoftwrights.com/s/i/ Crane Softwrights Ltd. http://www.CraneSoftwrights.com/s/ G. Ken Holman mailto:gkholman@xxxxxxxxxxxxxxxxxxxx Male Cancer Awareness Nov'07 http://www.CraneSoftwrights.com/s/bc Legal business disclaimers: http://www.CraneSoftwrights.com/legal
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
Re: [xsl] Including/importing digit, Suresh | Thread | [xsl] Grouping a sequence of elemen, Peter Desjardins |
Re: [xsl] Including/importing digit, Suresh | Date | [xsl] Grouping a sequence of elemen, Peter Desjardins |
Month |