Any advice for best practices against security attacks on xml signatures? I've heard a little bit about namespace attacks, xml bombs (million lol attack), and wrapper attacks. There are probably many others I am missing. Is there a set of rules (outside of the w3 standards already in place) that you adhere to? What about inherent weaknesses of the cannonicalization process?
-A _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
