Thanks a lot, Rick and you all!

Rick's code works very well in my test confirming the risk of this
DoS.
It will resolve serious, widespread problems.

(But I've never checked the adverse effects.)
I'll go on with additional tests.


This setting is desirable from the viewpoint of security of the
Rails-based web application.
As far as I know, major commercial server applications reject
outside DTDs (Doctypes) in their default settings.


I should like to thank you promptly and fully for your cooperation.




On Aug 4, 1:50 am, "Rick Olson" <[EMAIL PROTECTED]> wrote:
> Lame one-line fix until someone smarter than me comes up with one:
>
> REXML::Document.class_eval { def doctype() nil end }
>
> This hides any doctype so XmlSimple will ignore it.  I think it's good
> enough until this gets properly patched.
>
> script/plugin install http://svn.techno-weenie.net/projects/plugins/xml_simple_doctype_fix

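As an added example (not part of this thread or of Rick's plugin): instead of hiding the doctype from XmlSimple, an application can refuse any request body that contains a DOCTYPE declaration before it reaches the parser. The names `reject_doctype!`, `doctype_rejected?` and `DoctypeRejected` are hypothetical, the sample bodies are constructed, and UTF-8 input is assumed.

```ruby
# Added example, not code from the thread. Assumes UTF-8 request bodies.
require 'strscan'

class DoctypeRejected < StandardError; end   # hypothetical error class

# Hypothetical helper: returns xml unchanged, or raises if a DOCTYPE
# declaration appears anywhere outside a comment, CDATA section or PI.
def reject_doctype!(xml)
  data = xml.dup.force_encoding(Encoding::BINARY)
  # UTF-16/UTF-32 text would hide "<!DOCTYPE" from a byte scan: fail closed.
  raise DoctypeRejected, 'NUL byte in body' if data.include?("\x00".b)

  s = StringScanner.new(data)
  while s.skip_until(/</n)
    if s.scan(/!--/n)
      s.skip_until(/-->/n) or raise DoctypeRejected, 'unterminated comment'
    elsif s.scan(/!\[CDATA\[/n)
      s.skip_until(/\]\]>/n) or raise DoctypeRejected, 'unterminated CDATA'
    elsif s.scan(/\?/n)
      s.skip_until(/\?>/n) or raise DoctypeRejected, 'unterminated PI'
    elsif s.check(/!DOCTYPE/ni)
      raise DoctypeRejected, 'DOCTYPE declarations are not accepted'
    end
  end
  xml
end

# Boolean wrapper so callers (and tests) can branch without rescuing.
def doctype_rejected?(xml)
  reject_doctype!(xml)
  false
rescue DoctypeRejected
  true
end

# Constructed sample bodies.
PLAIN    = '<?xml version="1.0"?><user><name>a</name></user>'
WITH_DTD = %(<?xml version="1.0"?>\n<!DOCTYPE user [<!ENTITY a "x">]>\n<user>&a;</user>)
QUOTED   = '<user><!-- <!DOCTYPE x> --><![CDATA[<!DOCTYPE y>]]></user>'

if __FILE__ == $PROGRAM_NAME
  { 'plain' => PLAIN, 'with DTD' => WITH_DTD, 'quoted only' => QUOTED,
    'UTF-16 DTD' => WITH_DTD.encode('UTF-16LE') }.each do |name, body|
    puts format('%-12s %s', name, doctype_rejected?(body) ? 'rejected' : 'accepted')
  end
end
```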
