Re: Fw: Signing of XSL scripts

>It is beginning to look as if the use of ECMAScript may lead to some
>problems with system security unless there is a change in the way in which
>scripts can be authenticated in Internet Explorer. For input/output to a

Even authentication isn't enough. Having an arbitrary scripting language
opens you to denial of serive attacks, and other such things. All the 
signing does is allow you to know who *supposedly* sent you the script
(it will always be possibly to fake identification here too given enough
resources). What is needed is some way for the XSL processor to be able 
to "prove" correctness. 


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list

Current Thread
Fw: Signing of XSL scripts Martin Bryan - Thu, 28 May 1998 08:40:27 +0100 Gavin Nicol - Thu, 28 May 1998 09:35:56 -0400 <= John Dreystadt - Thu, 28 May 1998 10:26:11 -0400 Paul Prescod - Fri, 29 May 1998 10:01:01 -0400 John Dreystadt - Fri, 29 May 1998 18:18:17 -0400 Paul Prescod - Fri, 29 May 1998 09:59:07 -0400

<- Previous	Index	Next ->
Fw: Signing of XSL scripts, Martin Bryan	Thread	RE: Fw: Signing of XSL scripts, John Dreystadt
Fw: Signing of XSL scripts, Martin Bryan	Date	RE: Fw: Signing of XSL scripts, John Dreystadt
	Month

<-prev [Thread] next->	<-prev [Date] next->
Month Index \| List Home