Simon Willison’s Weblog

Subscribe

Posts tagged security, xml

Filters: security × xml × Sorted by date

Tip: Configure SAX parsers for secure processing. Explains the billion laughs attack, among others.

# 23rd August 2008, 11:12 am / billionlaughs, elliotte-rusty-harold, sax, security, xml

DoS vulnerability in REXML. Ruby’s REXML library is susceptible to the “billion laughs” denial of service attack where recursively nested entities expand a single entitity reference to a billion characters (kind of like the exploding zip file attack). Rails applications that process user-supplied XML should apply the monkey-patch ASAP; a proper gem update is forthcoming.

# 23rd August 2008, 11:11 am / billionlaughs, denial-of-service, rails, rexml, ruby, security, xml

Parsing XML can open network sockets (via) Yikes. Something to bare in mind.

# 18th August 2006, 2:27 pm / security, xml

XML security on SitePoint

Getting Started with XML Security is a SitePoint article of epic proportions. I had never really looked at any of the XML security applications but this article appears to cover the lot.

10:02 pm / 30th November 2002 / security, sitepoint, xml

Types

Years

Tags