On 11/12/2023 14:53, Christopher Schultz wrote: <snip/>
Or are there maybe cases where these protections should NEVER be reduced? I'm think about the WebDAV servlet as a good example: there is never a good reason to allow remote-client-provided XML to be parsed in a potentially dangerous way. Maybe in those cases, we just enable all of the protections and don't give administrators any choices.
For WebDAV it could be done in such a way that if someone did want to override it (can't think of a use case but you never know) they'd just need to extend the WebDAV servlet, override a method and then use their custom WebDAV servlet.
Am I wasting my time thinking about this? Each place in the Tomcat code does things a little bit differently. If nothing else, perhaps a review of what we do in each place would make sense and at least a minimum level of uniformity could be brought to each use of XML parsing in Tomcat's code.
I'm a little concerned that if we change behavior we might cause unexpected breakage.
It looks like for full control we'd need 5 new configuration options in multiple places. That looks like a lot of code/config for something users aren't asking for.
Starting with a review and then bringing specific proposals for changes to the list seems like a reasonable place to start. I think we'll probably end up doing something. Just not sure what.
Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
