At any rate, that doesn't explain not using URI in the JDK 1.6 library.
In the implementation, we do check that String URIs are valid URIs using the
java.net.URI class. That's why Ling's example causes an exception.
I'm not disagreeing that it would be better to use URIs instead of Strings.
I don't want this to sound like a throw-away line, because I sincerely mean
it:
Flexibility is the natural enemy of security.
Bells and whistles have a nasty habit of turning into doors and windows. As
Microsoft has experienced time and time again, the more accommodating you
make a piece of code
It shouldn't. That attribute is typed as a uri in the XMLSec schema.
-Jason
On Tue, Nov 11, 2008 at 1:18 AM, Ling Xiaohan <[EMAIL PROTECTED]> wrote:
> No, the signature verification is done by another program, URL encode may
> confuse it when dereferencing
> to local system.
> However, I will
Laugh all you want :), but an API dependency on java.net.URI would have ruled
out support for JDK 1.2/1.3, which was important at the time (but maybe not so
much anymore).
Just escape the space and it should work:
factory.newReference("My%20document/test.txt", ...);
--Sean
jason marshall wro
No, the signature verification is done by another program, URL encode may
confuse it when dereferencing
to local system.
However, I will try. Thanks.
- Original Message -
Did you URL encode before passing the String form of the URI in to the
Reference? I pass my URIs as URI objects
Did you URL encode before passing the String form of the URI in to the
Reference? I pass my URIs as URI objects until the last moment, so that I
don't have to chase down encoded/unencoded data paths through the code.
Saves me a lot of headaches and some potential security holes.
-Jason
(I will n
Hi,
URI attribute of tag can be set to a relative path in local file
system, but when the path contains blank space, it seems this
tag could not be created by XMLSignatureFactory.newReference method.
Ex.,
where there is a space in "My document".
Is this a limit?
Thanks.
---
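The behaviour discussed in this thread, as an added example that is not code from any of the posters or from the XMLSec project: the raw path with a space is rejected by newReference, while a percent-encoded form built through java.net.URI is accepted and decodes back to the original path exactly once. The class name ReferenceUriDemo and the helper toUriReference are hypothetical; the path is the one from the thread.

```java
import java.net.URI;
import java.net.URISyntaxException;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignatureFactory;

public class ReferenceUriDemo {  // hypothetical class name

    // Hypothetical helper: turn a raw relative file path into a URI reference.
    // The multi-argument URI constructor percent-encodes characters that are
    // illegal in a path (the space becomes %20); the single-argument
    // constructor would throw URISyntaxException instead.
    // Assumes the first path segment contains no ':' (it would be read as a scheme).
    static String toUriReference(String rawPath) throws URISyntaxException {
        return new URI(null, null, rawPath, null).toASCIIString();
    }

    public static void main(String[] args) throws Exception {
        String rawPath = "My document/test.txt";  // path from the thread
        XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
        DigestMethod sha256 = factory.newDigestMethod(DigestMethod.SHA256, null);

        // 1. Raw string with a space: not a valid URI, so the factory refuses it.
        try {
            factory.newReference(rawPath, sha256);
            System.out.println("raw path accepted");
        } catch (IllegalArgumentException e) {
            System.out.println("raw path rejected: " + e.getMessage());
        }

        // 2. Encode once, at the point where the path becomes a URI.
        String encoded = toUriReference(rawPath);
        Reference ref = factory.newReference(encoded, sha256);
        System.out.println("Reference URI: " + ref.getURI());

        // 3. A consumer that dereferences to the local file system decodes
        //    once, through URI.getPath(), never by ad hoc string replacement.
        String decoded = new URI(ref.getURI()).getPath();
        System.out.println("decoded path:  " + decoded);
        System.out.println("round trip ok: " + decoded.equals(rawPath));
    }
}
```

Keeping the value as a URI until the last moment, as suggested in the thread, means there is a single encode step and a single decode step to audit.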