1. 21
  1.  

  2. 2

    In addition to the processing problem, XML security gives you the flexibility to shoot yourself in the foot in a dozen different ways without even knowing it. For example there are applications that sign the document header (rather than the document itself), because XML gives you the flexibility to do that. There’s at least one application that signs an empty string, because XML gives you the flexibility to do that.

    Reminiscent of the state of JWT today.

    1. 2

      It’s sort of fascinating to read that something I’ve never thought about doing is practically impossible. Of course, I wasn’t programming in the early 2000s. What were people trying to do back then?

      1. 1