ISSUE-3

Can XQuery/XPath contribute to attack vectors?

State:
CLOSED
Product:
wsc-xit
Raised by:
Stephen Farrell
Opened on:
2006-11-21
Description:
See the disposition of ACTION-3; in particular the note at [1]. The basic
question is how XPath and XQuery, when used in conjunction with Web content, can
contribute to attacks against the secure display of security context information.

The expectation is to revisit this issue when there is an actual draft of the
techniques document.

1. http://www.w3.org/mid/455A18E3.2040006@cs.tcd.ie
Related Action Items:
No related actions
Related emails:
  1. Agenda: WSC WG distributed meeting, Wednesday, 2007-12-05 (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-12-04)
  2. Re: ACTION-332 OPEN Elaborate on ISSUE-3 Stephen Farrell 2007-11-13 (from stephen.farrell@cs.tcd.ie on 2007-11-26)
  3. WSC Open Action Items (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-11-26)
  4. Meeting record: WSC WG f2f 2007-11-06 (from tlr@w3.org on 2007-11-21)
  5. Draft minutes: WSC WG 2007-11-06 (from tlr@w3.org on 2007-11-17)
  6. WSC Open Action Items (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-11-16)
  7. WSC Open Action Items (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-11-09)
  8. ISSUE-3: Can XQuery/XPath contribute to attack vectors? (from tlr@w3.org on 2007-11-06)
  9. Re: ISSUE-37: qualify your interrupts (from public comments) (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-04-18)
  10. Re: ISSUE-38: no safe haven in presentation space (from public comments) (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-04-18)
  11. Re: ISSUE-39: cooperate with WAI-ARIA 'politeness' (from public comments) (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-04-18)
  12. Re: ISSUE-34: Formal studies don't cover disability access adequately, use experts too - (public comment) (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-04-17)
  13. Re: ISSUE-35: information overload/underload -- no oneSizeFitsAll (public comment) (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-04-17)
  14. Re: ISSUE-36: presentation norms -- no oneSizeFitsAll (from public comments) (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-04-17)
  15. Re: ISSUE-33: Charter retains authority Review of Note (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-04-16)
  16. ISSUE-3: Can XQuery/XPath contribute to attack vectors? (from dean+cgi@w3.org on 2006-11-21)

Related notes:

Logged under Section 11. Security Considerations.

Anil Saldhana, 20 Jan 2008, 09:01:49

forgot to put the identifier - follow this thread
http://lists.w3.org/Archives/Public/public-wsc-wg/2008Mar/0135.html

Mary Ellen Zurko, 21 Mar 2008, 17:28:21



Mary Ellen Zurko <mzurko@us.ibm.com>, Chair, Thomas Roessler <tlr@w3.org>, Staff Contact
$Id: 3.html,v 1.1 2010/10/11 09:35:16 dom Exp $