Blogger: Oleg Tkachenko
Category: .NET XML, System.XML
Blogged date: 2005 May 04
Yep, no DTD is allowed by default in the .NET 2.0 Beta2:
XmlReaderSettings.ProhibitDtd Property (System.Xml)
Gets or sets a value indicating whether to prohibit document type definition (DTD) processing.
Return Value
true to prohibit DTD processing; otherwise false. The default is true.
Remarks
This setting can be useful in preventing certain denial of service attacks. When set to true, the reader throws a System.Xml.XmlException when any DTD content is encountered.
That for sure contradicts the "Allow all XML syntax" gospel, but it looks like Microsoft takes security very seriously nowadays. Well, at least Microsoft's XML team. Most likely that was a hard decision, but maybe not, since what are the options here in the face of the billion laughs attack, if a 1Kb well-formed XML document can hog all your CPU and memory when you just open it in a browser that processes DTDs, such as IE?
Well, sure, it's just a default value and can be changed. But defaults are more than just defaults, and I bet most .NET 2.0 applications won't accept XML with a DTD. That's sort of a milestone in XML history.
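The default described above, shown as an added example (not code from the original post): the same document is read once with default `XmlReaderSettings` and once with `ProhibitDtd` explicitly set to false. The class name, the `Read` helper and the sample document are constructed for illustration, and the code targets the .NET 2.0 API the post discusses.

```csharp
using System;
using System.IO;
using System.Xml;

class ProhibitDtdDemo
{
    // Constructed sample: a well-formed document whose internal DTD
    // declares a single harmless entity.
    const string Doc =
        "<!DOCTYPE note [<!ENTITY who \"world\">]>" +
        "<note>hello &who;</note>";

    // Hypothetical helper: reads the text of the root element with the given settings.
    static string Read(XmlReaderSettings settings)
    {
        using (XmlReader reader = XmlReader.Create(new StringReader(Doc), settings))
        {
            reader.MoveToContent();   // throws XmlException at the DOCTYPE if DTDs are prohibited
            return reader.ReadElementContentAsString();
        }
    }

    static void Main()
    {
        // Default settings: ProhibitDtd is true, so any DTD content is rejected.
        XmlReaderSettings defaults = new XmlReaderSettings();
        try
        {
            Read(defaults);
            Console.WriteLine("unexpected: document with DTD was accepted");
        }
        catch (XmlException e)
        {
            Console.WriteLine("rejected by default: " + e.Message);
        }

        // Explicit opt-in, appropriate only for input from a trusted source.
        XmlReaderSettings optIn = new XmlReaderSettings();
        optIn.ProhibitDtd = false;
        Console.WriteLine("parsed with DTD allowed: " + Read(optIn));
    }
}
```

Keeping the opt-in in one clearly named settings object makes it easy to audit which code paths accept DTDs. From .NET Framework 4 on, `ProhibitDtd` is marked obsolete in favour of `XmlReaderSettings.DtdProcessing`.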