kgun

Let us play the name space game.


This post is far from finished. For example, the cryptic namespace example should be commented, and some of your first remarks are not commented.

Security is far from paranoia. Spammers, phishers, pharmers, hackers, packet sniffers etc. are becoming so advanced that you sometimes have to set up an informal intranet or extranet.

Note you can configure your server by using php.ini, but .htaccess is on a lower level if you are on an Apache server and as such more secure. .htaccess is invisible. In addition, you may mask your site with .htaccess statements like

    AddType application/x-httpd-php .php .html

or

    # in case .php is already set
    AddType application/x-httpd-php .html

Then the following line removes the identifier telling the user that the page uses PHP:

    Header unset X-Powered-By

When you are working on a new site, you may want to restrict access to your own IP address, so no one else can view your site. This is easily done by putting the following lines in your .htaccess file:

    order deny,allow
    deny from all
    allow from yourIP

Then it is easy to add friends to that list by allowing their IPs. In addition you can block IP regions (see the CIDR/Netmask field in the lower left corner), bad hosts, email-harvesting bots and other bots that steal your bandwidth and code. If your site has heavy traffic, it may be very profitable to set up a spider trap (Google keyword: "spider trap"). In that way, by increasing the speed of your site, blocking bad bots and setting up spider traps, you may avoid increasing bandwidth and/or server capacity before it is absolutely necessary. You can also speed up your site with .htaccess caching.

Related links:
Apache htaccess Tutorial
Apache tutorial: .htaccess files

Overall principle: make it as simple as possible, but no simpler. So use .htaccess for security, configuring your server etc., since that is on a lower level than e.g. php.ini and other configuration files. Learning to know the Apache server is about taking control over your own server or domain.

Also use the XML family of technologies or extensions before you use DOM scripting or other programming solutions. Note XPath uses nodes, node types and node sets and its own functions. XPointer is, in a sense, an application on top of XPath and generalizes these concepts to locations, location types and location sets (that is completely independent from XPath's location paths and location steps and should not be confused with them). XPointer has its own functions that extend XPath's functions. So using PHP DOM + XPath to grab fragments of an XML document, as you excellently showed in another post, is not minimalistic, when you can do the same using a member of the XML family, namely XPointer. Staying within the family should also be more robust (at least when the standard is accepted and is stable). By using XPath (at least version 1.0) alone you are restricted to node sets when you want to grab fragments of an XML document. By using XPointer, you can grab fragments of the XML document that start inside a node and end before the end of the node. You have to understand the XPath and XPointer data model to understand that, more specifically XPointer points and ranges.

That was far off topic, and only touching the security surface. If you still mean that I am paranoid, I have no problem accepting that. If you say that I shall be more relaxed concerning document and general security issues, I will say that you have a security problem. One example in a hurry: by using the excellent phpBB toolkit Starfoxtj, which is no longer available as far as I know, I immediately identified and deleted an iFrame that was posted on my forum, which is almost blocked for posting. I am on a shared server like most of the small sites on the web. Especially when you are on a shared server, you need to be careful and use .htaccess and your panel to take control over your eProperty. Examples: you find them in the book I have mentioned so often.

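The IP allow-list and header removal from the post above, written out as an added example (not kgun's own .htaccess) in the syntax Apache 2.4 expects. Two practitioner notes: the `Order`/`Deny`/`Allow` directives are Apache 2.2 syntax and only work on 2.4 if mod_access_compat is loaded, so the 2.4 form `Require ip` is the one to use; and `Header unset X-Powered-By` needs mod_headers, while `expose_php = Off` in php.ini stops PHP emitting the header at all. The address 203.0.113.0/24 is a placeholder from the RFC 5737 documentation range, standing in for "yourIP".

```apache
# Added example in Apache 2.4 syntax; not the original post's configuration.
# 203.0.113.7 / 203.0.113.0/24 are placeholders for your own address(es).

# 1. Remove the PHP banner. Guarded so a server without mod_headers
#    does not fail with a 500 on an unknown directive.
<IfModule mod_headers.c>
    Header unset X-Powered-By
    Header always unset X-Powered-By
</IfModule>

# 2. Site under construction: only listed addresses may view it.
#    Apache 2.2 form (deprecated, needs mod_access_compat on 2.4):
#      Order deny,allow
#      Deny from all
#      Allow from 203.0.113.7
#    Apache 2.4 form; anything not matched below is denied:
<RequireAny>
    Require ip 203.0.113.7
    Require ip 203.0.113.0/24
</RequireAny>

# 3. .htaccess is only "invisible" if the server refuses to serve it.
#    Stock httpd.conf already denies .ht* files; this repeats it locally.
<Files ".htaccess">
    Require all denied
</Files>
```

Test the rule set from an address outside the list before relying on it: a 403 from the outside and a 200 from inside is the expected result, and `curl -sI` on the site should no longer show an `X-Powered-By` line.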

I'm aware of all the stuff you say, but you still haven't answered (SHORTLY! PLEASE!!!) what "Security" is about if not paranoia and how canonical XML enhances security.

From dictionary.com:
Security - freedom from danger, risk, etc.; safety.
Paranoia - baseless or excessive suspicion of the motives of others.

Now, when you are thinking about security, aren't you really just being suspicious of the motives of others (i.e. being at least a little paranoid), "others" meaning "spammers, phishers, pharmers, hackers, packet sniffers etc", and striving towards freedom from danger, risk from them i.e. security?

And DOM, XPath, XPointer... it's all the same deal - selection of nodes. It still doesn't explain canonical XML's existence.

By using XPointer, you can grab fragments of the XML document that starts inside a node and ends before the end of the node
I can do that in XPath too. Even in 1.0. At least with strings (i.e. text nodes) though. For example

    substring($string, 5, string-length($string) - 6)

Will get everything from the 5th character of the $string, but without the last 2 characters too. (The length argument is the count of characters to keep: from position 5 up to and including position string-length - 2 is string-length - 6 characters.) If I needed to do anything more sophisticated in just a single XPath expression, I'd need XPath 2.0 though, but I don't think XPointer 1.0 would do that. Instead, it can just "point" to that part (the starting character to be more precise), rather than selecting it and manipulating it.

And again

Examples, you find them in the book I have mentioned so often.
Point me to ONE that shows where not using canonical XML creates a problem which canonical XML solves. I can only find good examples of other things I already know like how to use XPath with DOM to manipulate the XML, encryption and decryption of XML documents, etc. but nothing really about canonization.

And DOM, XPath, XPointer... it's all the same deal - selection of nodes. It still doesn't explain canonical XML's existence. And again: Point me to ONE that shows where not using canonical XML creates a problem which canonical XML solves. I can only find good examples of other things I already know like how to use XPath with DOM to manipulate the XML, encryption and decryption of XML documents, etc. but nothing really about canonization.

Have you read the book and downloaded the code?

And DOM, XPath, XPointer... it's all the same deal - selection of nodes. It still doesn't explain canonical XML's existence. I can do that in XPath too. Even in 1.0. At least with strings (i.e. text nodes) though. For example

Bolded part, see comment above. Let us be minimalistic and not use DOM + other technologies before it is necessary. Ideally, stay within the XML family as long as it is possible.
  1. Does that imply that you mean that (http://www.w3.org/TR/#xpointer(id('xptr')) is not needed and / or) does not generalise XPath?
  2. Can that be done across nodes without using DOM or multiple XPath statements? Look up your answer in the other post where you combined XPath + DOM to do the same where I only used XPointer. That was, though, related to XLink as far as I remember.
  3. If it can be used, what is most efficient and easiest to understand? In short, why do you think XPointer was implemented?

Have you read the book and downloaded the code?

It's impossible right now for me to read the whole book. I read the sample that was published online and I did download the code and review the examples. I found nothing for canonical XML.

Let us be minimalistic and not use DOM + other technologies before it is necessary. Ideally, stay within the XML family as long as it is possible.
  1. Does that imply that you mean that (http://www.w3.org/TR/#xpointer(id('xptr')) is not needed and / or) does not generalise XPath?
  2. Can that be done across nodes without using DOM or multiple XPath statements? Look up your answer in the other post where you combined XPath + DOM to do the same where I only used XPointer. That was, though, related to XLink as far as I remember.
  3. If it can be used, what is most efficient and easiest to understand? In short, why do you think XPointer was implemented?

You're missing the point. XPointer has its place and I can already see its use. The standard I don't see a use for is canonical XML, not XPointer.

As for your example, the above IS needed in certain cases where an application may need to select a portion of a document without loading the whole of it in memory. If the server was XPointer aware, it could give the application only the element with that ID as a root element, from which point the application handles it as it would, OR the file may be loaded, but focus would be put on that part (just like we do today with #id in the URL). That would all be very handy indeed.

And yes, this can be done in a single XPath statement in XPath 2.0 or with XPath 1.0 in XSLT 1.0 with the doc() or document() function respectively. The XPointer way is easier of course. And if the server was set up properly, it could even be more efficient. Yes, XPointer has a place.

But that's not the point. Canonical XML - that's the point.

It's impossible right now for me to read the whole book. I read the sample that was published online and I did download the code and review the examples. I found nothing for canonical XML.

Chapter 12, XML Security, pages 441-489, where a lot is about canonical XML. I offered you the PDF version for free that I have (had?) the right to buy. If I can still get it, and you want it, you must PM me your email.

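The thread asks repeatedly what problem canonical XML solves and never gets a concrete answer. The following is an added example, written by the editor and not taken from either poster or from the book cited above. It shows the case canonicalization exists for: a signature or digest computed over the raw bytes of an XML document breaks as soon as an intermediary re-serializes it (reorders attributes, changes quote style, expands `<x/>` to `<x></x>`) even though the document means exactly the same thing, while a digest over the canonical form survives such changes and still catches a real modification of the content. The sample documents and the HMAC key are constructed for the demonstration; the HMAC stands in for the signature value an XML-DSig implementation would produce over the canonicalized SignedInfo, and the canonical form comes from the standard library's C14N 2.0 implementation (`xml.etree.ElementTree.canonicalize`, Python 3.8+).

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample input, not from the thread: one purchase order serialized
# three ways. DOC_A and DOC_B carry the same information with different attribute
# order, quote style and empty-element syntax; DOC_C changes the quantity.
DOC_A = '<order id="42" customer="alice"><item sku="X1" qty="2"/></order>'
DOC_B = "<order customer='alice' id='42'><item qty='2' sku='X1'></item></order>"
DOC_C = '<order id="42" customer="alice"><item sku="X1" qty="20"/></order>'

# Hypothetical shared secret standing in for the signer's key.
KEY = b"demo-key-not-for-production"


def raw_digest(xml_text: str) -> str:
    """SHA-256 over the bytes exactly as they were transmitted."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def canonical_form(xml_text: str) -> str:
    """Canonical XML (C14N 2.0): attributes sorted, double quotes everywhere,
    <x/> written as <x></x>, character references resolved."""
    return ET.canonicalize(xml_text)


def canonical_digest(xml_text: str) -> str:
    """SHA-256 over the canonical form instead of the raw bytes."""
    return hashlib.sha256(canonical_form(xml_text).encode("utf-8")).hexdigest()


def sign(xml_text: str, key: bytes) -> str:
    """HMAC-SHA256 over the canonical form; stand-in for an XML-DSig SignatureValue."""
    return hmac.new(key, canonical_form(xml_text).encode("utf-8"),
                    hashlib.sha256).hexdigest()


def verify(xml_text: str, key: bytes, tag: str) -> bool:
    """Recompute the tag over the canonical form and compare in constant time."""
    return hmac.compare_digest(sign(xml_text, key), tag)


if __name__ == "__main__":
    # Same document, different bytes: raw digests differ, canonical digests agree.
    print("raw digests equal:      ", raw_digest(DOC_A) == raw_digest(DOC_B))            # False
    print("canonical digests equal:", canonical_digest(DOC_A) == canonical_digest(DOC_B))  # True

    # A tag produced over DOC_A still verifies DOC_B, but rejects the tampered DOC_C.
    tag = sign(DOC_A, KEY)
    print("B verifies with A's tag:", verify(DOC_B, KEY, tag))  # True
    print("C verifies with A's tag:", verify(DOC_C, KEY, tag))  # False
```

The design point is the one the thread is circling: selection (XPath, XPointer, DOM) answers "which part of the document", canonicalization answers "which bytes do we hash", and a signature scheme needs a stable answer to the second question or it will either reject legitimate re-serializations or, worse, tempt implementers to relax verification until it accepts too much.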
