Matthew A. Miller propagated the following meme:
> * External entity references[2]

One thing to note, a recent bugtraq posting[1] pointed at a long-standing security issue with XML parsers and external entity references. For example, <!ENTITY foo SYSTEM "file:///dev/random"> could be an effective DOS against a fully compliant parser. Thus if you're using an off-the-shelf XML parser, it's a good idea to filter out things you're not expecting (such as DTD declarations) before they hit the parser.

Charles Miller

[1] http://online.securityfocus.com/archive/1/297714/2002-10-24/2002-10-30/2
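An added example, not part of the original post: one way to refuse DTD and entity declarations in an incoming XML stream, using the handler hooks of Python's expat bindings rather than a separate pre-filter. The class and function names and the sample documents are assumptions constructed for illustration.

```python
import xml.parsers.expat


class ForbiddenXML(Exception):
    """Raised when the input carries a DTD or an entity declaration."""


class StrictStreamParser:
    """Incremental parser that aborts as soon as a DOCTYPE is seen."""

    def __init__(self):
        self.elements = []  # element names seen so far, in document order
        self._p = xml.parsers.expat.ParserCreate()
        self._p.StartDoctypeDeclHandler = self._doctype
        # Defence in depth: these should never fire once DOCTYPE is refused.
        self._p.EntityDeclHandler = self._entity_decl
        self._p.ExternalEntityRefHandler = self._external_ref
        self._p.StartElementHandler = self._start

    def _start(self, name, attrs):
        self.elements.append(name)

    def _doctype(self, name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML("DOCTYPE declaration for %r refused" % name)

    def _entity_decl(self, name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML("entity declaration %r refused" % name)

    def _external_ref(self, context, base, sysid, pubid):
        raise ForbiddenXML("external entity %r refused" % sysid)

    def feed(self, chunk, final=False):
        # An exception raised inside a handler propagates out of Parse().
        self._p.Parse(chunk, final)


def is_acceptable(data, chunk_size=16):
    """Feed data in small chunks, as a network stream would arrive."""
    parser = StrictStreamParser()
    try:
        for i in range(0, len(data), chunk_size):
            parser.feed(data[i:i + chunk_size])
        parser.feed(b"", True)
    except (ForbiddenXML, xml.parsers.expat.ExpatError):
        return False
    return True


# Constructed sample inputs.
BENIGN = b"<stream><message to='user@example.org'/></stream>"
HOSTILE = (b'<!DOCTYPE stream [<!ENTITY foo SYSTEM "file:///dev/random">]>'
           b"<stream>&foo;</stream>")
```

The DOCTYPE handler raises before the entity is ever declared, so the reference to /dev/random is never resolved.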
