Posted to commits@santuario.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2012/07/16 16:04:34 UTC

[jira] [Created] (SANTUARIO-327) Add a secure validation switch for streaming signature processing

Colm O hEigeartaigh created SANTUARIO-327:
---------------------------------------------

             Summary: Add a secure validation switch for streaming signature processing
                 Key: SANTUARIO-327
                 URL: https://issues.apache.org/jira/browse/SANTUARIO-327
             Project: Santuario
          Issue Type: Improvement
            Reporter: Colm O hEigeartaigh
            Assignee: Colm O hEigeartaigh
             Fix For: Java 2.0.0



This task is to add a secure validation switch for streaming signature processing. This property is false by default. When set to true, it enforces the following processing rules (possibly each should be separately configurable):

   a) Limits the number of Transforms per Reference to a maximum of 5.
   b) Limits the number of references per Manifest (SignedInfo) to a maximum of 30.
   c) MD5 is not allowed as a SignatureAlgorithm or DigestAlgorithm.
   d) Do not allow local or remote references.
   e) Enforce a maximum depth of the XML.
   f) Guarantee that the dereferenced element is unique...is this already enforced?


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
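The six rules in the ticket as a single streaming pass, added here as an illustration and not Santuario's own code: Python's ElementTree.iterparse stands in for the StAX stream, the limits for a) and b) are the ticket's numbers, the depth cap for e) and the rule keys in the messages (maxTransformsPerReference and so on) are assumed names and values rather than Santuario configuration properties, and d) is read as rejecting any Reference URI that is not same-document. The sample documents are constructed for the example.

```python
import xml.etree.ElementTree as ET
from io import BytesIO

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Limits for rules a) and b) are the ticket's numbers; the depth cap for rule e) is assumed.
LIMITS = {"maxTransformsPerReference": 5, "maxReferencesPerManifest": 30, "maxXmlDepth": 16}

def first_violation(xml_bytes, limits=LIMITS):
    """One pass over start/end events (iterparse standing in for StAX); first violation or None."""
    depth = refs = transforms = 0
    seen_ids = set()
    for event, el in ET.iterparse(BytesIO(xml_bytes), events=("start", "end")):
        if event == "end":
            depth -= 1
            continue
        depth += 1                                        # rule e: nesting depth
        if depth > limits["maxXmlDepth"]:
            return f"nesting deeper than {limits['maxXmlDepth']} (maxXmlDepth)"
        el_id = el.get("Id")
        if el_id is not None:                             # rule f: Id must be unique
            if el_id in seen_ids:
                return f"duplicate Id {el_id!r} (uniqueIds)"
            seen_ids.add(el_id)
        if el.tag in (DS + "SignedInfo", DS + "Manifest"):
            refs = 0                                      # rule b counts per container
        elif el.tag == DS + "Reference":
            refs, transforms = refs + 1, 0
            if refs > limits["maxReferencesPerManifest"]:
                return f"{refs} References (maxReferencesPerManifest)"
            uri = el.get("URI", "")
            if uri and not uri.startswith("#"):           # rule d: same-document URIs only
                return f"external URI {uri!r} (noExternalReferences)"
        elif el.tag == DS + "Transform":                  # rule a: Transforms per Reference
            transforms += 1
            if transforms > limits["maxTransformsPerReference"]:
                return f"{transforms} Transforms (maxTransformsPerReference)"
        elif el.tag in (DS + "SignatureMethod", DS + "DigestMethod"):
            if "md5" in el.get("Algorithm", "").lower():  # rule c: xmldsig-more#md5 / #rsa-md5
                return f"{el.get('Algorithm')!r} (noMD5)"
    return None

def build_signature(n_refs=1, n_transforms=1, uri="#data", ids=("data",),
                    digest_alg="http://www.w3.org/2001/04/xmlenc#sha256"):
    """Constructed sample document: a minimal ds:Signature beside the elements it signs."""
    xforms = "<Transform Algorithm='http://www.w3.org/2006/12/xml-c14n11'/>" * n_transforms
    ref = f"<Reference URI='{uri}'><Transforms>{xforms}</Transforms><DigestMethod Algorithm='{digest_alg}'/></Reference>"
    body = "".join(f"<Data Id='{i}'>x</Data>" for i in ids)
    return (f"<Doc xmlns='http://www.w3.org/2000/09/xmldsig#'>{body}<Signature><SignedInfo>"
            "<SignatureMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'/>"
            f"{ref * n_refs}</SignedInfo></Signature></Doc>").encode()
```

Because each message ends with the key of the limit that fired, a caller that turns the result into an exception or log line gives the user the hint the thread asks for.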

        

[jira] [Commented] (SANTUARIO-327) Add a secure validation switch for streaming signature processing

Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/SANTUARIO-327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13426729#comment-13426729 ] 

Colm O hEigeartaigh commented on SANTUARIO-327:
-----------------------------------------------


> Shouldn't we enable secure processing by default? I think a lot of santuario users aren't aware of the security issues that the xml-sec standard 
> implies. 

Yep, no objections here. It was turned off by default in 1.5.x so as not to break things for users upgrading from 1.4.x.

> If we throw an exception / log the violation with a detailed message we can give the user a hint on how he can disable the check. 

Sure.

> Yes this is already enforced. Should we really allow to disable this check? 

I guess not. It adds a bit of overhead in the DOM case, as it involves checking the document element for duplicate IDs, which is why you can disable it.

Colm.

        

[jira] [Assigned] (SANTUARIO-327) Add a secure validation switch for streaming signature processing

Posted by "Marc Giger (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/SANTUARIO-327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marc Giger reassigned SANTUARIO-327:
------------------------------------

    Assignee: Marc Giger  (was: Colm O hEigeartaigh)

[jira] [Commented] (SANTUARIO-327) Add a secure validation switch for streaming signature processing

Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/SANTUARIO-327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13456983#comment-13456983 ] 

Colm O hEigeartaigh commented on SANTUARIO-327:
-----------------------------------------------


The fix looks good to me!

Thanks,

Colm.

[jira] [Commented] (SANTUARIO-327) Add a secure validation switch for streaming signature processing

Posted by "Marc Giger (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/SANTUARIO-327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13425866#comment-13425866 ] 

Marc Giger commented on SANTUARIO-327:
--------------------------------------

Hi Colm,

Just for discussion:

Shouldn't we enable secure processing by default? I think a lot of Santuario users aren't aware of the security issues that the xml-sec standard implies.

If we throw an exception / log the violation with a detailed message we can give the user a hint on how he can disable the check. E.g. "Maximum number of allowed references exceeded. You can raise the maximum allowed references via the secureProcessing.maximumNumberOfReferences in the configuration".

What's with the "Guarantee that the dereferenced element is unique...is this already enforced?"
Yes this is already enforced. Should we really allow to disable this check?

        

[jira] [Resolved] (SANTUARIO-327) Add a secure validation switch for streaming signature processing

Posted by "Marc Giger (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/SANTUARIO-327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marc Giger resolved SANTUARIO-327.
----------------------------------

    Resolution: Fixed

Resolved in r1384467

[jira] [Updated] (SANTUARIO-327) Add a secure validation switch for streaming signature processing

Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/SANTUARIO-327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated SANTUARIO-327:
------------------------------------------

    Component/s: Java