users@jersey.java.net
Re: [Jersey] Jersey vulnerable to XXE attack?
From: Martin Probst <mail_at_martin-probst.com>
Date: Thu, 9 Jul 2009 14:22:25 +0200

> I think one should generally set
> http://java.sun.com/j2se/1.5.0/docs/api/javax/xml/XMLConstants.html#FEATURE_SECURE_PROCESSING
> to true in the DocumentBuilderFactory when processing XML from the
> outside.

Actually I'm not even sure if that prevents entity expansion
generally. I think one also needs
"factory.setExpandEntityReferences(false);".
Martin
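
A probe for the question raised in this message, added here as an example that is not part of the original post or of Jersey's code: it parses a constructed document containing one internal entity under the two settings named in the thread and reports what reaches the DOM. The class name, the sample document and the third configuration (the `disallow-doctype-decl` feature of the Xerces-based parser bundled with the JDK, which the thread does not mention) are assumptions of this example.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class EntityExpansionProbe {
    // Constructed sample: one internal entity, no external references.
    static final String SAMPLE =
        "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE r [ <!ENTITY e \"EXPANDED\"> ]>\n"
        + "<r>&e;</r>";

    // Xerces/JDK feature that makes the parser refuse any DOCTYPE (not named in the thread).
    static final String DISALLOW_DOCTYPE = "http://apache.org/xml/features/disallow-doctype-decl";

    // Parse SAMPLE with the given factory and describe what ended up in the DOM.
    static String probe(DocumentBuilderFactory f) throws Exception {
        try {
            Document d = f.newDocumentBuilder().parse(new InputSource(new StringReader(SAMPLE)));
            Node first = d.getDocumentElement().getFirstChild();
            if (first != null && first.getNodeType() == Node.ENTITY_REFERENCE_NODE) {
                return "parsed; &e; kept as an EntityReference node";
            }
            return "parsed; <r> text content = " + d.getDocumentElement().getTextContent();
        } catch (SAXException e) {
            return "rejected by parser: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory secure = DocumentBuilderFactory.newInstance();
        secure.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        System.out.println("FEATURE_SECURE_PROCESSING only:     " + probe(secure));

        DocumentBuilderFactory noExpand = DocumentBuilderFactory.newInstance();
        noExpand.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        noExpand.setExpandEntityReferences(false);
        System.out.println("+ setExpandEntityReferences(false): " + probe(noExpand));

        DocumentBuilderFactory noDoctype = DocumentBuilderFactory.newInstance();
        noDoctype.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        noDoctype.setFeature(DISALLOW_DOCTYPE, true);
        System.out.println("+ disallow-doctype-decl:            " + probe(noDoctype));
    }
}
```

Running it against the parser actually deployed with the application shows which of the three configurations still accepts a DOCTYPE and which rejects the document outright.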