Hey all, We talked about preventing from Denial of Service attacks with the throttle and cache mediator. This is a good way to prevent against such DOS-Attacks that are based on sending a whole lot of requests and blocking the service in this way.
But what about attacks that are based on malicious single messages to block the service. For example "Recursive Payload" attacks or Oversize Payload" attacks. Lets say we are receiving a request which contains a 10000 times nested SOAP Message. When our service tries to parse that it is its direct way to the nirvana ... My first idea: Lets validate the incoming messages against an XML Schema file. Now the key question here is: How is the validate Mediator implemented internally? Or to be more precise: Does it use a DOM-Parsing Model or a SAX-Parsing Model to validate? Somebody knows that? Short Explanation: If it uses a DOM-Parsing Model it is vulnerable to DOS-attack itself, because it has to parse the whole XML-Tree into the data structure before it can use it. The SAX-Parsing model is not vulnerable to DOS-attacks, on the flipside its usage is not really convenient. Somebody has other ideas how to protect against "Recurisve Payloads" and "Oversize Payloads"? /Simon
