Mike Brown wrote: > > David Komanek wrote: > > I'm just playing with XML around and have noticed strange behavior of MS > > Internet Explorer 5.0 : > > > > - if I let the MS IE display SMALL xml-file, everything seems to be O.K. > > > > - if I let the MS IE display A BIT BIGGER xml-file, everything goes > > wrong [symptoms of a memory leak, Microsoft bad, etc] > > IE 5.0 uses an XML parser written by Datachannel.com. Have you tested your > file with this parser outside of the context of IE 5.0? You can download a > standalone version of the MSXML parser from msdn.microsoft.com, and you > can get Datachannel's version from datachannel.com. > > [Snip stuff about using good validators] > > I also don't see what this potential bug in the parser has to do with > computer security. A-hem. "Since we should be able to rely upon everyone sending us well-formed and validated data that conform to all standards, it doesn't matter if the software that we use to receive it is crappy. No one would willingly do us any harm!" (I'm sorry about the harsh tone, but, to me, that's the sum total of what you're saying?) I do agree that this particular bug won't "compromise" your system per se, but what about continually mailing large XML to someone using Outlook or some other mail software that uses MSIE to display HTML/XML? Yes, that's right, your victim wouldn't be able to read his/her email very effectively (or at all) - especially if this person has the preview pane activated :-) So, again, it's not a real compromise, but it does have the potential of disrupting business, which leads to loss of $$$. And the potential loss of $$$ is why companies invest in security. Which is why issues like this one sometimes (too seldom IMHO) get treated like security issues. 'nuff rambling for one night =P /Mike -- Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50 Mobile: +46-(0)70-248 00 33 WWW: http://www.enternet.se E-mail: mikael.olssonat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:28:06 PDT