"Benjamin Kolin" <[EMAIL PROTECTED]> wrote on 05/03/2004 01:50:35 PM:
> Followup question - what is considered the best method to defend against
> extity expansion DOS attacks? Specifically I am concerned about the
> internal DTD because the features you mentioned already give me control
> over the external DTD. It would be acceptable to me to ignore the
> internal DTD altogether. Thanks.
See the property: http://apache.org/xml/properties/security-manager [1]
[1] http://xml.apache.org/xerces2-j/properties.html
[2]
http://xml.apache.org/xerces2-j/javadocs/xerces2/org/apache/xerces/util/SecurityManager.html
[3] http://xml.apache.org/xerces2-j/faq-write.html#faq-2
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
