On Sat, 10 Aug 2013 09:33:05 -0700, Noah Misch , wrote:
>Note that PostgreSQL 8.3 had xmlvalidate() for a time; commit
we found that, xmlvalidate() was for checking well formedness of an xml doc,
not for validating against xml schema, we inferred this from Release note of
8.2
for reference, below is the content from release documentation of version 8.2
" In contrib/xml2/, rename xml_valid() to xml_is_well_formed() (Tom)
xml_valid() will remain for backward compatibility, but its behavior will
change to do schema checking in a future release."
[http://www.postgresql.org/docs/8.2/static/release-8-2.html]
>3bf822c4d722d6245a65abdd2502a9d26ab990d5 removed it due to security problems.
>A new implementation (or revamp of the old) must avoid reintroducing those
>vulnerabilities. Similar considerations apply to XML Schema.
the main vulnerability in the xmlvalidate()
[http://www.postgresql.org/message-id/20080301024649.3cdcd754...@cvs.postgresql.org]
was mainly because one of the parameter was file path.
But in our case, we are taking xml as a string, currently we didn't proposed
file path as a input parameter to any of our function.
Thanks,
Pridhvi & Vikrantsingh
IIIT Bangalore
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
