From: | "Kodamasimham Pridhvi (MT2012066)" <Pridhvi(dot)Kodamasimham(at)iiitb(dot)org> |
---|---|
To: | Noah Misch <noah(at)leadboat(dot)com> |
Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, "Bisen Vikrantsingh Mohansingh MT2012036" <BisenVikrantsingh(dot)Mohansingh(at)iiitb(dot)org> |
Subject: | Re: Proposal for XML Schema Validation |
Date: | 2013-08-12 16:25:31 |
Message-ID: | 6505b4fd6bb140039dddf15e63aa2967@SINPR01MB057.apcprd01.prod.exchangelabs.com |
Lists: | pgsql-hackers |
On Sat, 10 Aug 2013 09:33:05 -0700, Noah Misch wrote:
>Note that PostgreSQL 8.3 had xmlvalidate() for a time; commit
We found that xmlvalidate() was for checking the well-formedness of an XML document, not for validating against an XML schema; we inferred this from the release notes of 8.2.
For reference, below is the content from the release documentation of version 8.2:
"In contrib/xml2/, rename xml_valid() to xml_is_well_formed() (Tom)
xml_valid() will remain for backward compatibility, but its behavior will change to do schema checking in a future release."
[http://www.postgresql.org/docs/8.2/static/release-8-2.html]
>3bf822c4d722d6245a65abdd2502a9d26ab990d5 removed it due to security problems.
>A new implementation (or revamp of the old) must avoid reintroducing those
>vulnerabilities. Similar considerations apply to XML Schema.
The main vulnerability in xmlvalidate() [http://www.postgresql.org/message-id/20080301024649.3CDCD754108@cvs.postgresql.org] was mainly because one of the parameters was a file path.
But in our case, we are taking XML as a string; currently we have not proposed a file path as an input parameter to any of our functions.
Thanks,
Pridhvi & Vikrantsingh
IIIT Bangalore