Re: [xsl] Including/importing digitally signed XSLT documents?

Subject: Re: [xsl] Including/importing digitally signed XSLT documents?
From: "G. Ken Holman" <gkholman@xxxxxxxxxxxxxxxxxxxx>
Date: Fri, 21 May 2010 12:32:50 -0400
At 2010-05-21 12:21 -0400, Costello, Roger L. wrote:
Imagine an XSLT program that uses <xsl:include> to gain access to an XSLT document from an external location (say, a W3C XSLT document). It wouldn't be difficult for an evil person to intercept the ensuing message exchange and return an XSLT document designed to disrupt the proper functioning of the original XSLT program, perhaps even resulting in a denial of service.

One approach to prevent this would be to digitally sign the included XSLT document. Of course, it would be horrific if the XSLT programmer had to write code to check the digital signature of every XSLT document he includes/imports.

I envision XSLT processors automatically checking the digital signatures and triggering an error to the XSLT programs if the digital signatures fail. Thus, the checking is transparent to the XSLT programmer.

Are there any plans to provide this functionality in XSLT 2.1?

What other approaches are there for ensuring the safe include/import of XSLT documents at external locations?

This can be done outside of the specification. The stylesheets I ship for free for printing XML instances of UBL to PDF are digitally signed:
http://www.CraneSoftwrights.com/resources/ublss

The stylesheets are free to use by anyone with an existing XSL-FO processor without any need for worrying about the signatures.

If someone doesn't have such a processor and wants to use the commercial Ibex XSL-FO processor at no charge, I've provided a digitally signed manifest of my stylesheets so that the processor only runs with these stylesheets and no other (otherwise I wouldn't be able to give out the commercial tool for free). The XSL-FO processor does not invoke the embedded XSLT processor unless all imported and included XSLT fragments listed in the manifest have their respective hashes match. If anyone changes even a single byte of the stylesheets, they can still use their own XSL-FO processor, but the free copy of the commercial XSL-FO processor will reject the stylesheet that has changes. And it will reject any stylesheet that does not have a digitally-signed manifest. So the vendor is protected, but I can still allow free downloads of my stylesheets for people to run with commercial software.

So, you can take this approach in your environment, and do it outside of the XSLT processor: create a digital signature of a trusted copy of all of the fragments you need, and then check them before you use them. I suppose you could even do this in the URI resolver finding the fragments.

I hope this helps.

. . . . . . . . . . . . Ken


--
XSLT/XQuery training: after http://XMLPrague.cz 2011-03-28/04-01
Vote for your XML training: http://www.CraneSoftwrights.com/s/i/
Crane Softwrights Ltd. http://www.CraneSoftwrights.com/s/
G. Ken Holman mailto:gkholman@xxxxxxxxxxxxxxxxxxxx
Male Cancer Awareness Nov'07 http://www.CraneSoftwrights.com/s/bc
Legal business disclaimers: http://www.CraneSoftwrights.com/legal
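The manifest check Ken describes (hash every trusted include/import fragment, sign the list, and refuse to invoke the processor unless every listed fragment matches and the manifest itself verifies), as an added example that is not Ken's, Ibex's or the xsl-list's code. It assumes a JSON manifest of the form {"fragments": {uri: sha256}, "mac": ...}, constructed sample fragment bytes in place of a real fetch, and a keyed HMAC-SHA256 standing in for the public-key signature so that it runs on the standard library alone; that substitution fits the "do it in your own environment" case, where the party that creates the trusted copy is the one that verifies it. `ManifestResolver.resolve` is the hook that would sit in a JAXP `URIResolver` or lxml `Resolver`; the hypothetical names `verify_all`, `build_manifest` and `IntegrityError` are this example's own.

```python
import hashlib
import hmac
import json


class IntegrityError(Exception):
    """Raised when the manifest or one of its fragments fails verification."""


# Constructed sample: the bytes a fetch from each external location should
# return. Real code would read these over HTTP or from a local trusted copy.
TRUSTED_FRAGMENTS = {
    "http://example.org/xsl/common.xsl": (
        b'<xsl:stylesheet version="2.0" '
        b'xmlns:xsl="http://www.w3.org/1999/XSL/Transform">'
        b'<xsl:template name="header"><xsl:text>UBL</xsl:text></xsl:template>'
        b'</xsl:stylesheet>'
    ),
    "http://example.org/xsl/invoice.xsl": (
        b'<xsl:stylesheet version="2.0" '
        b'xmlns:xsl="http://www.w3.org/1999/XSL/Transform">'
        b'<xsl:include href="common.xsl"/>'
        b'</xsl:stylesheet>'
    ),
}

# Constructed key. A MAC key stands in for the signer's key pair in this example.
MANIFEST_KEY = b"demo-key-not-for-production"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(fragments: dict) -> bytes:
    # Deterministic serialisation so signer and verifier authenticate the same bytes.
    return json.dumps({"fragments": fragments}, sort_keys=True,
                      separators=(",", ":")).encode()


def build_manifest(fragments: dict, key: bytes) -> dict:
    """Signer side: hash every trusted fragment, then authenticate the whole list."""
    hashes = {uri: sha256_hex(data) for uri, data in fragments.items()}
    mac = hmac.new(key, _canonical(hashes), "sha256").hexdigest()
    return {"fragments": hashes, "mac": mac}


def manifest_is_authentic(manifest: dict, key: bytes) -> bool:
    """Verifier side: the list of hashes is only trusted if its MAC checks out."""
    expected = hmac.new(key, _canonical(manifest.get("fragments", {})),
                        "sha256").hexdigest()
    return hmac.compare_digest(expected, manifest.get("mac", ""))


class ManifestResolver:
    """Stands in for a JAXP URIResolver / lxml Resolver: every xsl:include and
    xsl:import href passes through resolve() before the processor sees it."""

    def __init__(self, manifest, key: bytes, fetch):
        # A stylesheet without a signed manifest is rejected outright.
        if manifest is None:
            raise IntegrityError("stylesheet has no signed manifest; refusing to run")
        if not manifest_is_authentic(manifest, key):
            raise IntegrityError("manifest signature check failed")
        self.expected = manifest["fragments"]
        self.fetch = fetch  # callable uri -> bytes

    def resolve(self, uri: str) -> bytes:
        expected = self.expected.get(uri)
        if expected is None:
            raise IntegrityError(f"{uri} is not listed in the manifest")
        data = self.fetch(uri)
        if not hmac.compare_digest(sha256_hex(data), expected):
            raise IntegrityError(f"{uri}: content does not match the manifest hash")
        return data


def verify_all(manifest, key: bytes, fetch) -> dict:
    """Pre-flight check: resolve every listed fragment. Invoke the XSLT
    processor only if this returns; any single mismatch raises."""
    resolver = ManifestResolver(manifest, key, fetch)
    return {uri: resolver.resolve(uri) for uri in resolver.expected}


if __name__ == "__main__":
    manifest = build_manifest(TRUSTED_FRAGMENTS, MANIFEST_KEY)
    verified = verify_all(manifest, MANIFEST_KEY, TRUSTED_FRAGMENTS.__getitem__)
    print(f"all {len(verified)} fragments verified; safe to run the transform")

    tampered = dict(TRUSTED_FRAGMENTS)
    tampered["http://example.org/xsl/common.xsl"] += b"<!-- one extra byte -->"
    try:
        verify_all(manifest, MANIFEST_KEY, tampered.__getitem__)
    except IntegrityError as err:
        print("rejected:", err)
```

Checking the manifest before the first fragment is fetched, and checking each fragment as it is resolved, matches the behaviour Ken describes for the Ibex-hosted stylesheets: an unlisted href, a single changed byte, or a missing or altered manifest all stop the run before any template executes.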
