OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Malicious XML

[ Lists Home | Date Index | Thread Index ]

On Thu, Nov 14, 2002 at 04:15:41PM -0500, Karl Waclawek wrote:
> Just curious,
> are there any well-known ways to protect against
> malicious XML, e.g. XML that causes your parser
> to eat up all memory?

  Provide your own memory allocator and put some application
based controls. Even if the parser operates on constant memory
(or memory proportional to the depth of the tree), there will
be problems on the consuming side anyway.
  I think everybody doing XML processing on embedded systems is
used to implement those, but it may not have reached more general
processing environments.


Daniel Veillard      | Red Hat Network https://rhn.redhat.com/
veillard@redhat.com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/

  • References:


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS