You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2014/05/01 16:22:08 UTC
[jira] [Closed] (SANTUARIO-327) Add a secure validation switch for
streaming signature processing
[ https://issues.apache.org/jira/browse/SANTUARIO-327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh closed SANTUARIO-327.
-----------------------------------------
> Add a secure validation switch for streaming signature processing
> -----------------------------------------------------------------
>
> Key: SANTUARIO-327
> URL: https://issues.apache.org/jira/browse/SANTUARIO-327
> Project: Santuario
> Issue Type: Improvement
> Security Level: Public(Public issues, viewable by everyone)
> Components: Java
> Reporter: Colm O hEigeartaigh
> Assignee: Marc Giger
> Fix For: Java 2.0.0
>
>
> This task is to add a secure validation switch for streaming signature processing. This property is false by default. When set to true, it enforces the following processing rules (possibly each should be separately configurable):
> a) Limits the number of Transforms per Reference to a maximum of 5.
> b) Limits the number of references per Manifest (SignedInfo) to a maximum of 30.
> c) MD5 is not allowed as a SignatureAlgorithm or DigestAlgorithm.
> d) Do not allow local or remote references
> e) Enforce maximum depth of the xml
> f) Guarantee that the dereferenced element is unique...is this already enforced?
--
This message was sent by Atlassian JIRA
(v6.2#6252)