Bruce Schneier expresses some concerns about "Security Risks of 
Unicode" in the latest issue of his Cryptogram newsletter. Those who 
don't subscribe can see:

http://www.counterpane.com/crypto-gram-0007.html#9

At this point the concerns are mostly theoretical. Nonetheless I 
think they're reasonable, especially when you consider the recent 
discussions here about C1 control characters and the unintended 
consequences of these characters. Throw XML/Unicode encoded 
application protocols like SOAP and XML-RPC into the mix and who 
knows what can happen? Which is pretty much Schneier's point.

Anyway, I'm curious to know what other Unicodists think about the 
potential security implications Schneier raises. I'm not sure if he 
subscribes to this list ([EMAIL PROTECTED], 
http://www.unicode.org/unicode/consortium/distlist.html) or not so I 
cc'd him so he can participate as well.

+-----------------------+------------------------+-------------------+
| Elliotte Rusty Harold | [EMAIL PROTECTED] | Writer/Programmer |
+-----------------------+------------------------+-------------------+
|                  The XML Bible (IDG Books, 1999)                   |
|              http://metalab.unc.edu/xml/books/bible/               |
|   http://www.amazon.com/exec/obidos/ISBN=0764532367/cafeaulaitA/   |
+----------------------------------+---------------------------------+
|  Read Cafe au Lait for Java News:  http://metalab.unc.edu/javafaq/ |
|  Read Cafe con Leche for XML News: http://metalab.unc.edu/xml/     |
+----------------------------------+---------------------------------+
