[+Senduran] On Fri, Aug 19, 2016 at 4:06 PM, Prakhash Sivakumar <[email protected]> wrote:
> HI Shafreen, > > AFAIK we are setting entity expansion limit to 0 in code level to prevent > this entity expansion, will that affect this configuration ?. > > Thanks > > > On Fri, Aug 19, 2016 at 3:40 PM, Shafreen Anfar <[email protected]> wrote: > >> Hi Bhathiya, >> >> Well, to be honest I find it hard to understand the rational behind that >> statement too. Entity Expansion Limit is there to prevent entity expansion >> attack [1]. I don't think it has anything to do with clustering. >> >> [1] http://blog.bdoughan.com/2011/03/preventing-entity-expansion >> -attacks-in.html >> >> On Thu, Aug 18, 2016 at 10:26 PM, Bhathiya Jayasekara <[email protected]> >> wrote: >> >>> Hi ESB team, >>> >>> In "JVM Level Tuning" doc[1] in ESB, it says >>> >>> "If one or more worker nodes in a clustered deployment require access >>> to the management console, you need to increase the entity expansion limit. >>> " >>> >>> Could you please explain the rational behind this. I think we need to >>> explain it in the doc too. >>> >>> [1] https://docs.wso2.com/display/ESB490/Java+Virtual+Machin >>> e+(JVM)+Level+Tuning >>> >>> Thanks, >>> >>> -- >>> *Bhathiya Jayasekara* >>> *Senior Software Engineer,* >>> *WSO2 inc., http://wso2.com <http://wso2.com>* >>> >>> *Phone: +94715478185 <%2B94715478185>* >>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >>> <http://www.linkedin.com/in/bhathiyaj>* >>> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* >>> *Blog: http://movingaheadblog.blogspot.com >>> <http://movingaheadblog.blogspot.com/>* >>> >> >> >> >> -- >> Regards, >> *Shafreen* >> Software Engineer >> WSO2 Inc >> Mobile : 077-556-395-1 >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Prakhash Sivakumar > Software Engineer | WSO2 Inc > Platform Security Team > Mobile : +94771510080 > Blog : https://medium.com/@PrakhashS > -- Prakhash Sivakumar Software Engineer | WSO2 Inc Platform Security Team Mobile : +94771510080 Blog : https://medium.com/@PrakhashS
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
