[xquery-talk] XQuery and the Rule of Least Power

Michael Champion michael.champion at hotmail.com
Tue Mar 7 09:41:31 PST 2006


The first question is whether this finding is worthy of effort to deconstruct it.  The TAG had a lot of pushback / discussion, and the one I liked best was Henry Thompson's http://lists.w3.org/Archives/Public/www-tag/2006Feb/0062.html point that this is just saying "Occam's Razor applies to computers too."   Would it be fruitful to agonize over how Occam's Razor applies to XQuery? (beyond the navel gazing that has been happening for years on xml-dev, of course) :-)
 
I do think that people need to think hard before exposing XQuery (or interfaces that can be used to generate arbitrary XQuery expressions) to untrusted clients.  Recursion obviously is a way of creating queries that run for so long that they are effectively Denial of Service attacks.  Likewise it's a possible way to generate stack overflows in implementations that aren't tested with sufficient paranoia. Likewise, I suppose we can envision XQuery injection attacks in all sorts of devious ways that would compromise confidential information.  If the TAG finding is a good reminder that exposing the bare minimum of XML query functionality over the web is a Good Thing, it could be useful.



> Date: Tue, 7 Mar 2006 10:08:34 -0500
> From: jonathan.robie at datadirect.com
> To: talk at xquery.com
> Subject: [xquery-talk] XQuery and the Rule of Least Power
>
> I just read the TAG finding called "The Rule of Least Power" [1], and I find it difficult to know how to apply it to XQuery. The following statement is central to the paper:
>
> > The Turing-complete languages are shown by computer science to be equivalent in their ability to compute any result of which a computer is capable, and are in that sense the most powerful class of languages for computers. The tradeoff for such power is that you typically cannot determine what a program in a Turing-complete language will do without actually running it. Indeed, you often cannot tell in advance whether such a program will even reach the point of producing useful output.
>
> Although XQuery is Turing complete, all it can do is return values, and if you have a static type system, you also know an awful lot about what values it is going to return. Any thoughts on how this Rule applies to deciding whether to use XQuery for a given project? Or does XQuery violate the Rule proposed here?
>
> Jonathan
>
> [1] http://www.w3.org/2001/tag/doc/leastPower.html
>
> --
> Read my Blog: http://blogs.datadirect.com/jonathan_robie/
> Learn XQuery: http://media.datadirect.com/download/docs/ddxquery/tutorial_query.html
> Learn XQJ (the JDBC for XQuery): http://www.datadirect.com/developer/xquery/topics/xqj_tutorial/
> Get DataDirect XQuery: http://www.datadirect.com/products/xquery/
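Michael's point about XQuery injection above comes down to one rule: untrusted data must never be spliced into query text. As an added example (not code from the post, nor from any XQuery engine or product), here is the same query built three ways, with a small check that flags when the data has changed the code structure; the query, the books.xml document and the author values are constructed for the demonstration, and the external-variable variant assumes an engine binding API such as XQJ's bindString.

```python
# Added example: all query text and sample values are constructed for this demo.
def literal_spans(query: str) -> list[tuple[int, int]]:
    """Return (start, end) index pairs of XQuery string literals in `query`.
    Handles "..." and '...'; a doubled quote inside a literal ("" or '') is an
    escaped quote, not a terminator. Comments (: ... :) are not special-cased."""
    spans, i, n = [], 0, len(query)
    while i < n:
        q = query[i]
        if q in "\"'":
            start = i
            i += 1
            while i < n:
                if query[i] == q:
                    if i + 1 < n and query[i + 1] == q:
                        i += 2          # escaped quote, stay inside the literal
                        continue
                    break               # closing quote
                i += 1
            spans.append((start, i))    # i == n means the literal is unterminated
        i += 1
    return spans

def code_skeleton(query: str) -> str:
    """Replace every string literal with "" so only the code remains. If two
    untrusted inputs produce different skeletons, data has become code."""
    out, last = [], 0
    for start, end in literal_spans(query):
        out.append(query[last:start] + '""')
        last = end + 1
    return "".join(out) + query[last:]

def xq_string_literal(value: str) -> str:
    """Quote `value` as a double-quoted XQuery string literal (" becomes "")."""
    return '"' + value.replace('"', '""') + '"'

def build_by_concat(author: str) -> str:
    """Naive: splices the raw value into the query text (the pattern to avoid)."""
    return f'for $b in doc("books.xml")//book where $b/author = "{author}" return $b/title'

def build_escaped(author: str) -> str:
    """Better: the value is always a single, properly escaped literal."""
    return f'for $b in doc("books.xml")//book where $b/author = {xq_string_literal(author)} return $b/title'

def build_with_external_var(author: str) -> tuple[str, dict[str, str]]:
    """Best: constant query text; the value is bound to $author by the engine
    (e.g. XQJ bindString, assumed here), so it is never parsed as query text."""
    query = ('declare variable $author external; '
             'for $b in doc("books.xml")//book where $b/author = $author return $b/title')
    return query, {"author": author}
```

A value with an embedded quote such as O"Brien is enough to change the skeleton of the concatenated query, which is exactly what an injection exploits; the escaped and bound variants keep the skeleton constant for any input.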

