
Re: Best Practices process

From: Sean Mullan <Sean.Mullan@Sun.COM>
Date: Tue, 13 May 2008 13:25:50 -0400
To: Pratik Datta <pratik.datta@oracle.com>
Cc: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>, Frederick Hirsch <frederick.hirsch@nokia.com>, XMLSec XMLSec <public-xmlsec-maintwg@w3.org>
Message-id: <4829CF1E.3020601@sun.com>

Hi Pratik,

Pratik Datta wrote:
> 2.2  Reduce opportunities for denial of Service attacks
>   Best Practice 5 Avoid RetrievalMethod
> 
>  RetrievalMethods can have bad transforms, external references and 
> infinite loops.
> 
>  Example of Retrieval methods with infinite loop:
> 
> <RetrievalMethod Id="rm" URI="#rm"/>
> 
> Infinite loops can also happen with a circular chain of RetrievalMethods.

RetrievalMethods don't have an ID attribute. Even so, I'm not sure how 
you can get an infinite loop - can you explain that?

--Sean
Received on Tuesday, 13 May 2008 17:26:48 GMT
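
Added example, not part of the original message or of either author's code: a defensive resolver for the "circular chain of RetrievalMethods" case raised in the quoted draft, which follows same-document references and refuses cycles, external URIs and over-long chains. It assumes targets are located by the `Id` attribute on `KeyInfo`; `resolve_key_info`, `RetrievalError`, `MAX_DEPTH` and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
MAX_DEPTH = 4  # hypothetical limit chosen for this example

# Constructed sample (not schema-valid): k1 and k2 reference each other,
# k3 reaches key material in one hop, k5 points outside the document.
SAMPLE = """<Doc xmlns="http://www.w3.org/2000/09/xmldsig#">
  <KeyInfo Id="k1"><RetrievalMethod URI="#k2"/></KeyInfo>
  <KeyInfo Id="k2"><RetrievalMethod URI="#k1"/></KeyInfo>
  <KeyInfo Id="k3"><RetrievalMethod URI="#k4"/></KeyInfo>
  <KeyInfo Id="k4"><KeyName>constructed-key</KeyName></KeyInfo>
  <KeyInfo Id="k5"><RetrievalMethod URI="http://example.invalid/k"/></KeyInfo>
</Doc>"""


class RetrievalError(Exception):
    """Raised when a RetrievalMethod chain is refused."""


def resolve_key_info(root, start_id, max_depth=MAX_DEPTH):
    """Follow same-document RetrievalMethod URIs starting at KeyInfo start_id.

    Returns the first KeyInfo that has no RetrievalMethod child. Refuses
    external URIs, dangling references, cycles and over-long chains.
    """
    by_id = {el.get("Id"): el for el in root.iter() if el.get("Id")}
    if start_id not in by_id:
        raise RetrievalError("unknown start Id " + repr(start_id))
    current, seen = by_id[start_id], {start_id}
    for _ in range(max_depth + 1):
        rm = current.find(DS + "RetrievalMethod")
        if rm is None:
            return current  # reached a KeyInfo that needs no further lookup
        uri = rm.get("URI", "")
        if len(uri) < 2 or not uri.startswith("#"):
            raise RetrievalError("external or empty URI refused: " + repr(uri))
        target = uri[1:]
        if target in seen:
            raise RetrievalError("cycle detected at #" + target)
        if target not in by_id:
            raise RetrievalError("dangling reference #" + target)
        seen.add(target)
        current = by_id[target]
    raise RetrievalError("chain longer than %d hops" % max_depth)


if __name__ == "__main__":
    doc = ET.fromstring(SAMPLE)
    for start in ("k3", "k1", "k5"):
        try:
            print(start, "->", resolve_key_info(doc, start).get("Id"))
        except RetrievalError as exc:
            print(start, "refused:", exc)
```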