You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2012/09/17 15:00:11 UTC
[jira] [Commented] (SANTUARIO-327) Add a secure validation switch
for streaming signature processing
[ https://issues.apache.org/jira/browse/SANTUARIO-327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13456983#comment-13456983 ]
Colm O hEigeartaigh commented on SANTUARIO-327:
-----------------------------------------------
The fix looks good to me!
Thanks,
Colm.
> Add a secure validation switch for streaming signature processing
> -----------------------------------------------------------------
>
> Key: SANTUARIO-327
> URL: https://issues.apache.org/jira/browse/SANTUARIO-327
> Project: Santuario
> Issue Type: Improvement
> Components: Java
> Reporter: Colm O hEigeartaigh
> Assignee: Marc Giger
> Fix For: Java 2.0.0
>
>
> This task is to add a secure validation switch for streaming signature processing. This property is false by default. When set to true, it enforces the following processing rules (possibly each should be separately configurable):
> a) Limits the number of Transforms per Reference to a maximum of 5.
> b) Limits the number of references per Manifest (SignedInfo) to a maximum of 30.
> c) MD5 is not allowed as a SignatureAlgorithm or DigestAlgorithm.
> d) Do not allow local or remote references
> e) Enforce maximum depth of the xml
> f) Guarantee that the dereferenced element is unique...is this already enforced?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira