[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: SAX characters event and external entities
>Here's an easy attack -- send you a start tag, then just keep sending >random alphanumeric characters until your system chokes. An arbitrary >limit -- even a very high one, like a few gigabytes -- would be useful. This seems like the wrong level to deal with it. If your worry is memory use, limit memory use, not the length of element names. Either use the operating system's facilities for limiting memory, or have a special purpose allocator. (Or is that too difficult in languages like Java?) I had to address this in my on-line validator, and did it by using unix's memory and cpu time limits. -- Richard
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|