Hi,
My team is using jibx. I'm not finding information on how to deny/prohibit
DTD/Entity expansion in XML payloads.
We are finding vulnerabilities to XML bombs and information disclosure due to
the syntax like <!ENTITY greeting2 SYSTEM "file:///hello.txt">
In reading what online docs I find, I do not see this discussed.
Is there way to disable this since I cannot trust my input XML to not have XML
External Entity Attacks in them?
Thanks,
Andrew
------------------------------------------------------------------------------
What Every C/C++ and Fortran developer Should Know!
Read this article and learn how Intel has extended the reach of its
next-generation tools to help Windows* and Linux* C/C++ and Fortran
developers boost performance applications - including clusters.
http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________
jibx-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jibx-users
