XML Server Security
During processing, XML files can rely on XML schemas, document type definitions (DTDs), external entity files, and style sheets. The contents of these supporting files can affect the content and presentation of the XML documents and must receive the same level of security protection as the XML files themselves.
XML files and their supporting files can be managed using conventional permissions and authentication strategies. Information entering or leaving a database through an XML file can be managed with both database security and security on the XML conversion mechanisms. For the most part, these issues are handled in the same way they are for HTML files and databases that store information for distribution over the Web.
In some cases, developers rely on supporting files from sources they do not control. For example, the World Wide Web Consortium (W3C) hosts the DTDs for XHTML, the XML version of HTML. Consortia sites and schema repositories provide many sources of ready-to-use XML document structures and supporting files. Developers should check that the hosting organization is providing adequate security and that the files cannot be modified without permission.