
  • From: Tei <oscar.vives@g...>
  • To: xml-dev@l...
  • Date: Thu, 1 Feb 2007 11:27:12 +0100

What about circular references?

A includes B,
B includes C,
C includes A.

Is that possible?


On 1/31/07, Richard Salz <rsalz@u...> wrote:
> It's pretty easy to cause a denial of service with short messages such as
> a million elements deep:
>         <x><x><x><x><x><x>....</x></x>
> Or badly fragmented:
>   <x><y>.</y><y>.</y>....</x>
> Maximum element, attribute or namespace prefix name
>   <xxx...  xxx...='...' xmlns:xxx...='...'
> Excessively long attribute or namespace values (the '...' above)
> Excessive attributes or namespace declarations
>  <x a1='.' a2='.' a3='.' ...
>
> Schema validation won't save you as long as there's an xs:any extension
> point in the schema.
>
> The key point here is that these attacks are asymmetric -- it's trivial to
> generate these with print statements, but the recipient has to expend a
> lot of horsepower.
>
>         /r$
>
> --
> STSM
> Senior Security Architect
> DataPower SOA Appliances
>
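
The message shapes listed in the quoted mail above, checked on the receiving side: an added example, not part of the original thread, that stream-parses with Python's expat binding and aborts at the first exceeded limit. The limit values and the names `check_xml`, `LIMITS` and `LimitExceeded` are assumptions chosen for illustration.

```python
import xml.parsers.expat

# Constructed limits for illustration; size them to the messages you expect.
LIMITS = {"bytes": 1_000_000, "depth": 64, "children": 1000,
          "attrs": 32, "name_len": 128, "value_len": 4096}

class LimitExceeded(Exception):
    """Raised inside the parser callback to abort parsing at once."""

def check_xml(data, limits=LIMITS):
    """Return "ok", "malformed", or the name of the first limit exceeded."""
    if len(data) > limits["bytes"]:
        return "bytes"                      # cheapest check, done before parsing
    open_children = []                      # child count per open element; len == depth

    def start(name, attrs):
        if open_children:                   # count this element against its parent
            open_children[-1] += 1
            if open_children[-1] > limits["children"]:
                raise LimitExceeded("children")
        open_children.append(0)
        if len(open_children) > limits["depth"]:
            raise LimitExceeded("depth")
        # attrs is a flat [name, value, ...] list; without namespace processing,
        # xmlns declarations arrive here as ordinary attributes and are counted too.
        if len(attrs) // 2 > limits["attrs"]:
            raise LimitExceeded("attrs")
        names, values = [name] + attrs[0::2], attrs[1::2]
        if any(len(n) > limits["name_len"] for n in names):
            raise LimitExceeded("name_len")
        if any(len(v) > limits["value_len"] for v in values):
            raise LimitExceeded("value_len")

    def end(name):
        open_children.pop()

    parser = xml.parsers.expat.ParserCreate()
    parser.ordered_attributes = True
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    try:
        parser.Parse(data, True)
    except LimitExceeded as hit:
        return str(hit)
    except xml.parsers.expat.ExpatError:
        return "malformed"
    return "ok"
```

The limits are enforced in the parser callbacks, so they apply before any schema validation runs. expat still reads a whole start tag before calling the handler, which is why the byte cap is checked first.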

