- From: Sean Mullan <Sean.Mullan@Sun.COM>
- Date: Tue, 13 May 2008 13:25:50 -0400
- To: Pratik Datta <pratik.datta@oracle.com>
- Cc: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>, Frederick Hirsch <frederick.hirsch@nokia.com>, XMLSec XMLSec <public-xmlsec-maintwg@w3.org>
Hi Pratik, Pratik Datta wrote: > 2.2 Reduce opportunities for denial of Service attacks > Best Practice 5 Avoid RetrievalMethod > > RetrievalMethods can have bad transforms, external references and > infinite loops. > > Example of Retrieval methods with infinite loop : > > <RetrievalMethod Id="rm" URI="#rm"/> > > Infinite loops can also happen with a circular chain of RetrievalMethods . RetrievalMethods don't have an ID attribute. Even so, I'm not sure how you can get an infinite loop - can you explain that? --Sean
Received on Tuesday, 13 May 2008 17:26:48 UTC