Posted to commits@santuario.apache.org by "Marc Giger (JIRA)" <ji...@apache.org> on 2012/07/31 17:57:34 UTC

[jira] [Commented] (SANTUARIO-327) Add a secure validation switch for streaming signature processing

    [ https://issues.apache.org/jira/browse/SANTUARIO-327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13425866#comment-13425866 ] 

Marc Giger commented on SANTUARIO-327:
--------------------------------------

Hi Colm,

Just for discussion:

Shouldn't we enable secure processing by default? I think a lot of Santuario users aren't aware of the security issues that the xml-sec standard implies.

If we throw an exception / log the violation with a detailed message we can give the user a hint on how he can disable the check. E.g. "Maximum number of allowed references exceeded. You can raise the maximum allowed references via the secureProcessing.maximumNumberOfReferences in the configuration".

What's with "Guarantee that the dereferenced element is unique...is this already enforced?"
Yes, this is already enforced. Should we really allow disabling this check?
                
> Add a secure validation switch for streaming signature processing
> -----------------------------------------------------------------
>
>                 Key: SANTUARIO-327
>                 URL: https://issues.apache.org/jira/browse/SANTUARIO-327
>             Project: Santuario
>          Issue Type: Improvement
>          Components: Java
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: Java 2.0.0
>
>
> This task is to add a secure validation switch for streaming signature processing. This property is false by default. When set to true, it enforces the following processing rules (possibly each should be separately configurable):
>    a) Limits the number of Transforms per Reference to a maximum of 5.
>    b) Limits the number of references per Manifest (SignedInfo) to a maximum of 30.
>    c) MD5 is not allowed as a SignatureAlgorithm or DigestAlgorithm.
>    d) Do not allow local or remote references
>    e) Enforce maximum depth of the XML
>    f) Guarantee that the dereferenced element is unique...is this already enforced?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
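As an added illustration of rules (a) to (f) and of the detailed messages Marc proposes, here is a hypothetical Java policy checker over a namespace-aware DOM ds:SignedInfo. It is not Santuario's own API or code from this thread; the class, the maxDepth value and the secureProcessing.* property names in the messages are assumptions.

```java
import java.util.Locale;
import org.w3c.dom.*;

/** Hypothetical policy checker over a namespace-aware DOM ds:SignedInfo; not Santuario's own API. */
public final class SecureSignaturePolicy {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    int maxTransformsPerReference = 5, maxReferences = 30, maxDepth = 100; // (a), (b), (e); depth value assumed
    boolean allowExternalReferences = false;                                 // (d)
    public void check(Element signedInfo) {
        Element root = signedInfo.getOwnerDocument().getDocumentElement();
        forbidMd5(signedInfo, "SignatureMethod", "SignatureAlgorithm");
        NodeList refs = signedInfo.getElementsByTagNameNS(DS, "Reference");
        if (refs.getLength() > maxReferences)                                // (b)
            throw violation("Maximum number of allowed references exceeded", "maxReferences");
        for (int i = 0; i < refs.getLength(); i++) {
            Element ref = (Element) refs.item(i);
            if (ref.getElementsByTagNameNS(DS, "Transform").getLength() > maxTransformsPerReference) // (a)
                throw violation("Maximum number of transforms per reference exceeded", "maxTransformsPerReference");
            forbidMd5(ref, "DigestMethod", "DigestAlgorithm");
            String uri = ref.getAttribute("URI");
            if (uri.startsWith("#")) {                                       // (f): exactly one element may match
                if (countById(root, uri.substring(1)) != 1)
                    throw violation("Referenced Id '" + uri.substring(1) + "' is missing or not unique", null);
            } else if (!uri.isEmpty() && !allowExternalReferences)           // (d)
                throw violation("External reference '" + uri + "' is not allowed", "allowExternalReferences");
        }
        if (depth(root) > maxDepth)                                          // (e)
            throw violation("Maximum XML depth exceeded", "maxDepth");
    }
    private static void forbidMd5(Element parent, String local, String what) { // (c)
        NodeList m = parent.getElementsByTagNameNS(DS, local);
        String alg = m.getLength() == 0 ? "" : ((Element) m.item(0)).getAttribute("Algorithm");
        if (alg.toLowerCase(Locale.ROOT).contains("md5"))
            throw violation("MD5 is not allowed as " + what + ": " + alg, null);
    }
    private static int countById(Element e, String id) {                     // elements with Id="<id>" under e
        int n = id.equals(e.getAttribute("Id")) ? 1 : 0;
        for (Node c = e.getFirstChild(); c != null; c = c.getNextSibling())
            if (c instanceof Element) n += countById((Element) c, id);
        return n;
    }
    private static int depth(Element e) {                                    // element nesting depth, root = 1
        int d = 0;
        for (Node c = e.getFirstChild(); c != null; c = c.getNextSibling())
            if (c instanceof Element) d = Math.max(d, depth((Element) c));
        return d + 1;
    }
    private static SecurityException violation(String msg, String property) { // message names the switch to relax
        return new SecurityException(property == null ? msg : msg + ". You can change this via the secureProcessing." + property + " property");
    }
}
```

The uniqueness check (f) is the one Marc says is already enforced and questions making optional, so it has no relaxing property here; the DOM must be built with a namespace-aware DocumentBuilderFactory for the getElementsByTagNameNS lookups to match.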