Are there any security implications with DataML? http://dataml.net
Because we want to move some of our servlets and run our applications thru DataML instead.
Well as nobody else has replied, I thought I'd chip one in. I don't know anything about DataML but looking at it it's just a load of customised XML. I worked a lot with XML over the Summer working with Sony on a program which takes data from their manufacturing machines (represented in XML files created by the main program) and then represents this data in charts and graphs etc.
The main security issue we had with this was denying access to those files by anyone other than the program. Otherwise all the processing was done in the program and not by XSL or anything. I've not used XSL so I dunno how it works, but I take it that front-end users can see the XML files? If so then there is your security risk. If not then I guess it should be fine.
The other security implication we had was if the people who buy our software could get into the XML files then they could stop buying our software and make their own (we deal in countries like China where there is little to no protection of software). This was not resolved when I left but they were talking about encrypting these files on the HDD.
Running DataML
Reply With Quote
Bookmarks