You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by vi...@wipro.com on 2005/06/21 13:31:52 UTC
DoS / XML content-filtering support in WSS4J ?
Hi,
We are using WSS4J for XML encryption & signature. Apart from these basic ws-security measures, we want to protect our webservices against,
1. buffer overflow attacks,
2. denial of service attacks
3. Malformed XML content/SQL injection
Any ideas on how it could be done in Apache axis (WSS4J) would be appreciated.
Thanks in advance,
SalaiVidhya
Confidentiality Notice
The information contained in this electronic message and any attachments to this message are intended
for the exclusive use of the addressee(s) and may contain confidential or privileged information. If
you are not the intended recipient, please notify the sender at Wipro or Mailadmin@wipro.com immediately
and destroy all copies of this message and any attachments.
RE: DoS / XML content-filtering support in WSS4J ?
Posted by Abhijit Sharma <as...@amberpoint.com>.
You could have a look at some products like Forum's XWall/Sentry
http://www.forumsys.com/ They have a eval copy available - and they support
the requirements you have mentioned
Disclaimer - I am not associated in any way with Forum Systems
Regards,
Abhijit
_____
From: vidhya.salai@wipro.com [mailto:vidhya.salai@wipro.com]
Sent: Tue, June 21, 2005 5:02 PM
To: werner.dittmann@siemens.com; fx-dev@ws.apache.org
Subject: DoS / XML content-filtering support in WSS4J ?
Hi,
We are using WSS4J for XML encryption & signature. Apart from these basic
ws-security measures, we want to protect our webservices against,
1. buffer overflow attacks,
2. denial of service attacks
3. Malformed XML content/SQL injection
Any ideas on how it could be done in Apache axis (WSS4J) would be
appreciated.
Thanks in advance,
SalaiVidhya
Confidentiality Notice
The information contained in this electronic message and any attachments to
this message are intended
for the exclusive use of the addressee(s) and may contain confidential or
privileged information. If
you are not the intended recipient, please notify the sender at Wipro or
Mailadmin@wipro.com immediately
and destroy all copies of this message and any attachments.