W3C Last Call and Media Type request for comments: XQuery and
XQueryX
Bjoern Hoehrmann
derhoermi at gmx.net
Thu Apr 7 23:06:49 CEST 2005
* Liam Quin wrote:
>It lets people put XQuery documents on public Web servers that may
>not be configured correctly. But it's not clear that this is the
>right approach.
What kind of misconfiguration did you have in mind here? Configured to
use an incorrect charset parameter? That's then easily addressed by not
having a charset parameter.
>We expect to add to it later. Right now the specifications are new
>enough (in terms of Process) that security implications have not
>all been explored. I'd welcome help in this area. What sort of
>additional text did you expect in this section?
http://www.ietf.org/internet-drafts/draft-freed-media-type-reg-03.txt
section 6 covers this. For example, it seems possible to construct a
query such that it loops indefinitely through infinite recursion, that's
probably something implementations should protect against.
>It's non-normative within the context of the XQueryX specification:
>an implementation does not need to support anything here in order
>to claim conformance. If you do support application/xquery+xml though,
>this is how you must do it.
http://www.w3.org/TR/2005/WD-xquery-20050404/#id-conform-optional-features
is not marked non-normative, even though none of the features in that
section are required in order to claim conformance, so this principle
does not seem to be applied consistently; and it seems inconsistent
with other W3C Technical Reports.
--
Björn Höhrmann · mailto:bjoern at hoehrmann.de · http://bjoern.hoehrmann.de
Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
More information about the Ietf-types
mailing list