In some mail from Bennett Todd, sie said: > 2003-01-07T14:46:57 Bennett Todd: > > There are several arguments in favour of a tagged format as opposed > > to XML: [...] > > - we don't need the full expressiveness of XML, it's dangerous to > > allow it > > Unless I'm badly misreading this report, the attached is an > example of this exact class of problem --- a full XML parser > deployed where its full power isn't needed, and an unintended > consequence of some of that power rearing up and biting. > > -Bennett You can read "tea leaves" to mean anything you want, especially if you are allowed to choose which cup you want to look at them in. I could say that it's stupid to implement any code that needs to run securely in C because it's so prone to bugs (just look at all the C apps with problems in bugtraq) vs Java where there are hardly any - except for the JVM, but what's that written in ? :) And so it goes on. Software is buggy and that's a fact of life we seem to be unfortunately stuck with. A bug here or there should not be perceived as anything more than "the odd bug." IMHO, We should strive to define and agree on something that is firstly of most benefit to everyone and secondly follows the KISS principle so that it is easy to get right and hence less likely to be troubled by security issues in its implementation. Does XML follow the KISS principle ? Depends on how you look at it. From our documentation perspective, all we need to do is say "XML is used for blah" rather than define our own tagged format, build parsers, etc. Can XML be complex ? Without a doubt, yes. Can users benefit from that immeadiately ? Yes. Do we have to keep reinventing the wheel ? Darren _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Tue Jan 21 2003 - 20:35:16 PST