HI Shafreen, AFAIK we are setting entity expansion limit to 0 in code level to prevent this entity expansion, will that affect this configuration ?.
Thanks On Fri, Aug 19, 2016 at 3:40 PM, Shafreen Anfar <[email protected]> wrote: > Hi Bhathiya, > > Well, to be honest I find it hard to understand the rational behind that > statement too. Entity Expansion Limit is there to prevent entity expansion > attack [1]. I don't think it has anything to do with clustering. > > [1] http://blog.bdoughan.com/2011/03/preventing-entity- > expansion-attacks-in.html > > On Thu, Aug 18, 2016 at 10:26 PM, Bhathiya Jayasekara <[email protected]> > wrote: > >> Hi ESB team, >> >> In "JVM Level Tuning" doc[1] in ESB, it says >> >> "If one or more worker nodes in a clustered deployment require access to >> the management console, you need to increase the entity expansion limit." >> >> Could you please explain the rational behind this. I think we need to >> explain it in the doc too. >> >> [1] https://docs.wso2.com/display/ESB490/Java+Virtual+Machin >> e+(JVM)+Level+Tuning >> >> Thanks, >> >> -- >> *Bhathiya Jayasekara* >> *Senior Software Engineer,* >> *WSO2 inc., http://wso2.com <http://wso2.com>* >> >> *Phone: +94715478185 <%2B94715478185>* >> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >> <http://www.linkedin.com/in/bhathiyaj>* >> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* >> *Blog: http://movingaheadblog.blogspot.com >> <http://movingaheadblog.blogspot.com/>* >> > > > > -- > Regards, > *Shafreen* > Software Engineer > WSO2 Inc > Mobile : 077-556-395-1 > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Prakhash Sivakumar Software Engineer | WSO2 Inc Platform Security Team Mobile : +94771510080 Blog : https://medium.com/@PrakhashS
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
