Re: Proposal for XML Schema Validation - Mailing list pgsql-hackers

From Kodamasimham Pridhvi (MT2012066)
Subject Re: Proposal for XML Schema Validation
Date
Msg-id 6505b4fd6bb140039dddf15e63aa2967@SINPR01MB057.apcprd01.prod.exchangelabs.com
Whole thread Raw
In response to Re: Proposal for XML Schema Validation  (Noah Misch <noah@leadboat.com>)
List pgsql-hackers
On Sat, 10 Aug 2013 09:33:05 -0700, Noah Misch , wrote:
>Note that PostgreSQL 8.3 had xmlvalidate() for a time; commit

we found that, xmlvalidate() was for checking well formedness of an xml doc, not for validating against xml schema, we
inferredthis from Release note of 8.2  

for reference, below is the content from release documentation of version 8.2
" In contrib/xml2/, rename xml_valid() to xml_is_well_formed() (Tom)   xml_valid() will remain for backward
compatibility,but its behavior will change to do schema checking in a future release."
[http://www.postgresql.org/docs/8.2/static/release-8-2.html]



>3bf822c4d722d6245a65abdd2502a9d26ab990d5 removed it due to security problems.
>A new implementation (or revamp of the old) must avoid reintroducing those
>vulnerabilities.  Similar considerations apply to XML Schema.


the main vulnerability in the xmlvalidate()
[http://www.postgresql.org/message-id/20080301024649.3CDCD754108@cvs.postgresql.org]was mainly because one of the
parameterwas file path. 

But in our case, we are taking xml as a string, currently we didn't proposed file path as a input parameter to any of
ourfunction. 




Thanks,
Pridhvi  &  Vikrantsingh
IIIT Bangalore



pgsql-hackers by date:

Previous
From: Stephen Frost
Date:
Subject: Re: libpq thread locking during SSL connection start
Next
From: Jeff Janes
Date:
Subject: Re: killing pg_dump leaves backend process