[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
Re: [xml-dev] XML processor attacks
- From: Tei <oscar.vives@gmail.com>
- To: xml-dev@lists.xml.org
- Date: Thu, 1 Feb 2007 11:27:12 +0100
What about circular references?
A include B,
B include C,
C include A.
Is that posible?
On 1/31/07, Richard Salz <rsalz@us.ibm.com> wrote:
> It's pretty easy to cause a denial of service with short messages such as
> a million elements deep:
> <x><x><x><x><x><x>....</x></x>
> Or badly fragmented:
> <x><y>.</y><y>.</y>....</x>
> Maximum element, attribute or namespace prefix name
> <xxx... xxx...='...' xmlns:xxx...='...'
> Excessively long attribute or namespace values (the '...' above)
> Excessive attributes or namespace declarations
> <x a1='.' a2='.' a3='.' ...
>
> Schema validation won't save you as long as there's an xs:any extension
> point in the schema.
>
> The key point here is that these attacks are asymmetric -- it's trivial to
> generate these with print statements, but the recipient has to expend a
> lot of horsepower.
>
> /r$
>
> --
> STSM
> Senior Security Architect
> DataPower SOA Appliances
>
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
