OASIS Mailing List Archives

RE: [xml-dev] XML processor attacks

It's pretty easy to cause a denial of service with short messages such as 
a million elements deep:
Or badly fragmented:
Maximum element, attribute or namespace prefix name
  <xxx...  xxx...='...' xmlns:xxx...='...'
Excessively long attribute or namespace values (the '...' above)
Excessive attributes or namespace declarations
 <x a1='.' a2='.' a3='.' ...

Schema validation won't save you as long as there's an xs:any extension 
point in the schema.

The key point here is that these attacks are asymmetric -- it's trivial to 
generate these with print statements, but the recipient has to expend a 
lot of horsepower.


Senior Security Architect
DataPower SOA Appliances
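
A receiver can bound the cost of the depth, name-length, value-length and attribute-count cases listed in the message by enforcing structural limits while the document streams in, before any schema validation runs. The sketch below is an added example, not part of the original message; `check_xml`, `XMLLimitExceeded` and the values in `LIMITS` are assumptions chosen for illustration.

```python
import xml.parsers.expat

class XMLLimitExceeded(Exception):
    """Raised as soon as a document crosses one of the structural limits."""

# Constructed limits for illustration; size them to the messages you expect.
LIMITS = {"bytes": 1_000_000, "depth": 64, "attrs": 32,
          "name_len": 128, "value_len": 4096}

def check_xml(data: bytes, limits=LIMITS, chunk_size=4096) -> int:
    """Stream data through expat and abort on the first limit violation.

    Returns the deepest element nesting seen when the document passes.
    Malformed XML still raises xml.parsers.expat.ExpatError.
    """
    # Total size cap: expat buffers a whole start tag before calling the
    # handler, so this also bounds the cost of one oversized name or value.
    if len(data) > limits["bytes"]:
        raise XMLLimitExceeded("bytes")
    depth = max_depth = 0

    def start(name, attrs):
        nonlocal depth, max_depth
        depth += 1
        max_depth = max(max_depth, depth)
        if depth > limits["depth"]:
            raise XMLLimitExceeded("depth")
        # Namespace processing is off, so xmlns:* declarations are counted
        # here together with ordinary attributes.
        if len(attrs) > limits["attrs"]:
            raise XMLLimitExceeded("attrs")
        if any(len(n) > limits["name_len"] for n in (name, *attrs)):
            raise XMLLimitExceeded("name_len")
        if any(len(v) > limits["value_len"] for v in attrs.values()):
            raise XMLLimitExceeded("value_len")

    def end(name):
        nonlocal depth
        depth -= 1

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    # Feed in chunks so a violation stops work before the rest is parsed.
    for i in range(0, len(data), chunk_size):
        parser.Parse(data[i:i + chunk_size], False)
    parser.Parse(b"", True)
    return max_depth
```

Because the check runs in the start-element handler, a document that nests too deeply is rejected at the first offending tag rather than after the whole tree has been built.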

Copyright 1993-2007 XML.org. This site is hosted by OASIS