[ILUG] is libxml(2) insecure?
kevin lyda
kevin+dated+1099475711.bec70c at ie.suberic.net
Fri Oct 29 10:54:57 IST 2004
On Fri, Oct 29, 2004 at 09:52:43AM +0100, Laur Ivan wrote:
> I understand the reasoning for shell processing, but I was wondering if there
> are some serious security arguments for not using XML as config files for
> binaries...
rc scripts are normally shell scripts. it's hard to parse xml into
something a shell script can use. personally i hate using xml for
config files that could be written as a series of key=value statements.
and i can't see more complicated config files being required for
*starting* a daemon.
now if the daemon needs some hugely complicated config file, then sure,
use xml. though i must admit i've never seen a daemon that needed such
a complicated config.
xml isn't really readable by humans. it's designed to tell a computer
about data, not to tell humans about data. if you have a configurator
program, that's fine. but if you're just expecting the user to use a
text editor to config the program then i don't think xml is a wise
choice.
kevin
--
us citizen anywhere on the planet? :| election coverage:
****** REGISTER TO VOTE! ****** |: http://www.campaigndesk.com/
* http://declareyourself.com/ * :| http://campaigndesk.org/
****** REGISTER TO VOTE! ****** |: http://dailyhowler.com/
More information about the ILUG
mailing list