Introduction

Extensible Markup Language (XML) is the "love-child" of the World Wide Web Consortium (W3C). Since its inception in 1996, it has grown into an ever-evolving standard that has captured the attention of just about every business looking for ways to be innovative in putting content or applications on the Internet.

XML is really a method of describing data in a format that makes it intelligible to applications no matter what format the data needs to be read in. XML makes it possible to express the same data in multiple forms. It was originally intended for use on Web site documents just like Hypertext Markup Language (HTML) was. However, its potential for transforming and reusing data has placed it far beyond simply this use. One would ask, "Because XML is really just a specification, and XML documents are really just text with tags, why do I need to worry about security?" The answer is that because XML is so versatile, it can be used to move data back and forth between two applications; for instance, from a Web site to a database management system. In some implementations, this information can be confidential, so security should be considered as to what users of a Web site or Web application using XML are allowed to see.

This chapter gives a functional overview of XML and key concepts associated with it. You should develop an understanding of how XML can be leveraged in your Web applications. The risks associated with using XML improperly...