[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: SOA and the Single URL
> OK, I can see what you are saying. Is there some facility to > deny/turn-off processing for a type of DoS attack? Say something is > sending you several complex, large messages - what happens to the gateway? In the worst case, the gateway goes down before your application server does. More usually, gateways are more aware of XML-based network attacks than most applications (e.g., billion laughs, XML too big, etc) and will drop the message, fault it, report it, whatever, when thresholds are exceeded. XML is particulary useful for DoS, since the processing load is asymmetric: the adversary can just use print statements, while the victim receiver needs to parse. Gateways built around OSS or COTS parsers, for example, are often just as vulnerable as the servers they're protecting. Caveat emptor. /r$ -- Rich Salz, Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|