xslt security

Can anyone tell me what security problems can be encountered when
running xslt transformation on the server side? Apart from potential
infinite loops?

Also, I have the below code... why am I being forced to pass the
EVIDENCE... (all other constructors are marked obsolete) and what is
the evidence anyway? What does it do? I need to pass a string to
transformer.load...

Sub Work()

    Dim x As New Xml.XmlDocument
    x.Load("sales.xml")
    Dim t As New Xml.Xsl.XslTransform

    ' Load the stylesheet; the third argument is the Evidence being asked about
    Dim w As New System.IO.StreamReader("transform.xsl")
    Dim xr As New System.Xml.XmlTextReader(w)
    t.Load(xr, Nothing, New System.Security.Policy.Evidence)
    w.Close()

    ' Run the transform and capture the result as a string
    Dim sw As New System.IO.StringWriter
    t.Transform(x.CreateNavigator(), Nothing, sw, Nothing)
    Dim s As String = sw.ToString()

End Sub

Nov 22 '05 #1
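
What the Evidence argument in the question's `t.Load(...)` call controls, as an added example that is not part of the original thread or a Microsoft sample: per the .NET Framework 1.1 documentation for `XslTransform.Load`, it determines the permissions given to script blocks and extension objects in the stylesheet, and passing `Nothing` switches those features off. The `StylesheetTrust` enum, `EvidenceFor`, `Run` and the sample XML/XSLT are hypothetical names and constructed data.

```vb
Imports System.IO
Imports System.Security.Policy
Imports System.Xml
Imports System.Xml.Xsl

Module XsltEvidenceDemo
    ' Hypothetical trust levels for where a stylesheet came from.
    Enum StylesheetTrust
        Untrusted   ' uploaded or otherwise outside your control
        FromUrl     ' fetched from a known URL
        OwnCode     ' shipped with the application
    End Enum
    ' Pick the Evidence that XslTransform.Load uses for the stylesheet.
    Function EvidenceFor(ByVal trust As StylesheetTrust, ByVal url As String) As Evidence
        Select Case trust
            Case StylesheetTrust.OwnCode
                Return System.Reflection.Assembly.GetExecutingAssembly().Evidence
            Case StylesheetTrust.FromUrl
                Return XmlSecureResolver.CreateEvidenceForUrl(url)
            Case Else
                ' Nothing: script blocks are not processed, document() is not
                ' supported, privileged extension objects are disallowed.
                Return Nothing
        End Select
    End Function
    Function Run(ByVal xmlText As String, ByVal xslText As String, ByVal ev As Evidence) As String
        Dim doc As New XmlDocument
        doc.LoadXml(xmlText)
        Dim xr As New XmlTextReader(New StringReader(xslText))
        Dim t As New XslTransform
        ' Resolver = Nothing: xsl:import and xsl:include are not resolved.
        t.Load(xr, Nothing, ev)
        xr.Close()
        Dim sw As New StringWriter
        ' Resolver = Nothing: the document() function is not resolved.
        t.Transform(doc.CreateNavigator(), Nothing, sw, Nothing)
        Return sw.ToString()
    End Function
    Sub Main()
        ' Constructed sample inputs (not from the thread).
        Dim sales As String = "<sales><item qty='2'>widget</item></sales>"
        Dim sheet As String = "<xsl:stylesheet version='1.0' " & _
            "xmlns:xsl='http://www.w3.org/1999/XSL/Transform'>" & _
            "<xsl:output method='text'/><xsl:template match='/sales'>" & _
            "<xsl:value-of select='item'/> x <xsl:value-of select='item/@qty'/>" & _
            "</xsl:template></xsl:stylesheet>"
        System.Console.WriteLine(Run(sales, sheet, EvidenceFor(StylesheetTrust.Untrusted, Nothing)))
    End Sub
End Module
```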
Tascien,

Security is something seldom answered, at least not by me.

However there are some special security newsgroups for dotnet.

microsoft.public.dotnet.framework.security
and
microsoft.public.dotnet.security.

I give you a better chance in one of those newsgroups.

Cor
Nov 22 '05 #2
thank you

Nov 22 '05 #3
KJS
In article <11*********************@f14g2000cwb.googlegroups. com>,
ta******@ecoaches.com says...
thank you


Thanks for the thread - I have posted the exact same questions (but from
a different angle; I have gone through the grueling steps to satisfy
"evidence" and "xmlresolver" etc... but now have this new issue, see
subject below) to the DOTNET.XML forum, subject -
"System.Xml.Xsl.XsltException: Missing mandatory attribute 'version'"

Very interested in your results.
Nov 22 '05 #4
Never been able to find out anything more about this subject. As my
software was approaching Alpha release, I did not have enough time to
investigate further... I have a feeling that programmers at Microsoft
are no longer as smart as they used to be. The software that they are
releasing these days is not as intuitive as it was before...

Compared to its time, classic ASP was a clear and concise concept.
ASP.NET, although it has its powers, still has so many questions not
answered after I went through the process of building an application
with it. Among them:

1. the xsl transformation constructors
2. shared hosting with different ASP.NET user account. (they all run
under NETWORK SERVICE)
3. returning an auto-increment ID after inserting a record in ADO.NET
4. debugging on remote computer. (Never been able to set this up
successfully. Maybe I was doing something wrong... but I kept asking
questions...)
5. sharing .NET project with other programmers at the same time...

Those are some of (not all) the questions that went unanswered on
google groups during the last 7 months I was building this new software
based on .NET.

I am not going to ask any more questions at this time. I will just wait
for .NET 2.0, and hope that things are better there. But I hope... I
hope we don't have the same pain moving to 2.0, like it was from
classic ASP to .NET.

Sorry to be off topic... but that is my opinion.

Nov 22 '05 #5
