That's correct Chad. If you run linux or strict casing this is also a security improvement over loose DTD as well.
It eerily close to SOX compliance questions that auditors generally ask when reviewing apps. On Thu, Apr 5, 2012 at 8:52 AM, Chad Baloga <cbal...@gmail.com> wrote: > > I was presented with some questions regarding XML and was wondering if there > are any setting in Coldfusion to disable any of these or I do not need to > worry about it since we do not use any XML in our code: > > 1. How application employs methods for XML schema validation. > 2. How application disables use of inline XML Document Type Definition (DTD) > schemas in XML parsing objects. > 3. How application manages DTD parsing behavior as a key to preventing the > invocation of XML bombs. > > Is it safe to say IF we were to use XML we could use the XML validation > function built in CF9? > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350645 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
