Altova Mailing List Archives

RE: Traffic Analysis and Namespace Dereferencing

From: David Megginson <david@---------.--->
To: xml-dev@-----.---.---
Date: 1/2/2001 7:52:00 AM
Miles Sabin writes:

 > It's worth bearing in mind that this also applies to the
 > dereferencing of DTD external subsets.

Absolutely correct -- that's why XML documents for production-side
systems should not include DOCTYPE statements.  DTDs and XML Schemas
belong mainly on the authoring side (both as templates for input tools
and for debugging).

 > I can't help worrying that unintentional DoS might turn out to be 
 > a major problem in the not too distant future ... the W3C's 
 > servers host an awful lot of critical DTDs, and a awful lot of 
 > generic XML processors don't cache external subsets or use 
 > caching HTTP proxies by default. So what would happen if 
 > collapsed under the strain of a couple of hundred thousand XML 
 > editors all starting up at once?

People will find ways to route around the damage.  The only question
is whether people will blame bad design practices or XML itself. has already had some pretty-long outages, but since virtually
no one uses client-side XML, not much happened.

All the best,


David Megginson                 david@m...


These Archives are provided for informational purposes only and have been generated directly from the Altova mailing list archive system and are comprised of the lists set forth on Therefore, Altova does not warrant or guarantee the accuracy, reliability, completeness, usefulness, non-infringement of intellectual property rights, or quality of any content on the Altova Mailing List Archive(s), regardless of who originates that content. You expressly understand and agree that you bear all risks associated with using or relying on that content. Altova will not be liable or responsible in any way for any content posted including, but not limited to, any errors or omissions in content, or for any losses or damage of any kind incurred as a result of the use of or reliance on any content. This disclaimer and limitation on liability is in addition to the disclaimers and limitations contained in the Website Terms of Use and elsewhere on the site.