Chapter 4 XML Processing


143


When relying on the schemas to which documents internally declare they are


conforming (through a DTD declaration or an XSD hint), for security and to avoid


external malicious modification, you should keep your own copy of the schemas


and validate against these copies. This can be done using an entity resolver, which


is an interface from the SAX API (


org.xml.sax.EntityResolver


), that forcefully


maps references to well known external schemas to secured copies.


To summarize these recommendations:


E


Validate incoming documents at the system boundary, especially when docu 


ments come from untrusted sources.


E


When possible, enforce validation up front against the supported schemas.


E


When relying on internal schema declarations (DTD declaration, XSD hint, 


and so forth):


E


Reroute external schema references to secured copies.


E


Check that the validating schemas are supported schemas.


4.3.4 Mapping Schemas to the Application Data Model


After defining the application interface and the schemas of the documents to be con 


sumed and produced, the developer has to define how the document schemas relate


or map to the data model on which the application applies its business logic. We


refer to these document schemas as external schemas. These schemas may be spe 


cifically designed to meet the application's requirements, such as when no preexist 


ing schemas are available, or they may be imposed on the developer. The latter


situation, for example, may occur when the application intends to be part of an inter 


acting group within an industry promoting standard vertical schemas. (For example,


UBL or ebXML schemas.)


4.3.4.1


Mapping Design Strategies


Depending on an application's requirements, there are three main design strategies


or approaches for mapping schemas to the application data model. (See Figure 4.4.)


1. An  out to in  approach The developer designs the internal data model 


based on the external schemas.


2. A  meet in the middle  approach The developer designs the data model


along with an internal generic matching schema. Afterwards, the developer de 








New Page 1









  

  

    

      
      


      Home :
      About Us : 
      Network :
      Services : 
      Support :
      FAQ : 
      Control Panel : 
      Order Online : 
      Sitemap :
      Contact :
      Terms Of Service

      java web hosting
 

    

    

      
       
    

    

      
      
 Our partners: | 
      PHP: Hypertext Preprocessor
      | Best Web Hosting
      | 
Java Web Hosting
      |
Inexpensive Web Hosting |
      


      

Jsp Web Hosting 
      
      |
Cheapest Web Hosting 
      | 
Jsp Hosting
      |
Cheap Hosting


      		
    

    

      
       
    

    

      
      
Virtualwebstudio. Business web hosting division of Web 
      Design Plus. All rights reserved