[jbossws-dev] [Design of JBoss Web Services] - FEATURE_SECURE_PROCESSING and related dtd parsing config usa

scott.stark@jboss.org do-not-reply at jboss.com
Wed Mar 14 23:04:12 EDT 2007


A question has come up around the DTD entity parsing denial-of-service issue raised here:

http://www-128.ibm.com/developerworks/xml/library/x-tipcfsx.html
http://java.sun.com/j2se/1.5.0/docs/guide/xml/jaxp/JAXP-Compatibility_150.html#JAXP_security

Are we allowing for the use of the parser.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true) to limit the defaults?

What about disabling doctypes via the http://apache.org/xml/features/disallow-doctype-decl feature:
http://xerces.apache.org/xerces2-j/features.html



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4028226#4028226
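
The two settings asked about in the post behave differently, and this added example (not from the original post or from JBossWS code) shows both on a constructed document. It assumes the JDK's bundled Xerces-based JAXP parser; the class name `SecureParserDemo` and the sample XML are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.SAXParseException;

public class SecureParserDemo {
    // Xerces feature named in the post
    static final String DISALLOW_DOCTYPE =
        "http://apache.org/xml/features/disallow-doctype-decl";

    // Constructed sample: a small internal DTD with one nested entity
    static final String SAMPLE =
        "<!DOCTYPE r [<!ENTITY a \"x\"><!ENTITY b \"&a;&a;\">]><r>&b;</r>";

    // Parses SAMPLE with secure processing always on and the DOCTYPE
    // ban toggled; returns the root text, or the parser's rejection.
    static String parse(boolean disallowDoctype) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Keeps DTDs legal but caps entity expansion at the parser's limits
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // When true, any DOCTYPE declaration is a fatal parse error
        f.setFeature(DISALLOW_DOCTYPE, disallowDoctype);
        try {
            return "accepted, root text = " + f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(
                    SAMPLE.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement().getTextContent();
        } catch (SAXParseException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("secure processing only:      " + parse(false));
        System.out.println("plus disallow-doctype-decl:  " + parse(true));
    }
}
```

Secure processing alone still expands the entities in a small DTD and only fails once the parser's limits are exceeded, whereas `disallow-doctype-decl` refuses the document as soon as the DOCTYPE is seen.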