Mark Wiggerman <[log in to unmask]> writes:
XML is unfit for all of the above mentioned security issues. Securing a
document should be left to a method on a lower level
XML does enable some security-related issues. For example:
My conclusion is:
XML is unable to solve security-problems.
In the same way that you cannot stir your coffee with a Volvo.
It's the wrong tool. It's not that XML is "unable" to solve
security problems, it was never designed to solve them.
What puzzles me quite a lot is how it is possible to think that XML
has anything to do with security in the first place. From the point of
view of documenting XML, it would be VERY useful to know the source of
rumours, statements, comments etc that suggest XML can be used for
tasks to which it is clearly unsuited. Are these, for example, coming
from vendors, journalists, students, users, non-users, or where?