[XSL-LIST Mailing List Archive Home]
[By Thread]
[By Date]
Re: Fw: Signing of XSL scripts
Subject: Re: Fw: Signing of XSL scripts From: Gavin Nicol <gtn@xxxxxxxxxxxx> Date: Thu, 28 May 1998 09:35:56 -0400 |
>It is beginning to look as if the use of ECMAScript may lead to some >problems with system security unless there is a change in the way in which >scripts can be authenticated in Internet Explorer. For input/output to a Even authentication isn't enough. Having an arbitrary scripting language opens you to denial of serive attacks, and other such things. All the signing does is allow you to know who *supposedly* sent you the script (it will always be possibly to fake identification here too given enough resources). What is needed is some way for the XSL processor to be able to "prove" correctness. XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
Fw: Signing of XSL scripts, Martin Bryan | Thread | RE: Fw: Signing of XSL scripts, John Dreystadt |
Fw: Signing of XSL scripts, Martin Bryan | Date | RE: Fw: Signing of XSL scripts, John Dreystadt |
Month |
Keywords