Wrox Programmer Forums
Go Back   Wrox Programmer Forums > XML > BOOK: Beginning XML, 5th edition
|
BOOK: Beginning XML, 5th edition
This is the forum to discuss the Wrox book Beginning XML 5th Edition by Joe Fawcett, Danny Ayers, Liam R. E. Quin; ISBN: 978-1-1181-6213-2
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: Beginning XML, 5th edition section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old November 4th, 2015, 05:58 AM
dbl dbl is offline
Registered User
 
Join Date: Nov 2015
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Question Is there a risk to use DTD?

Hello,
DTD general entities are defined on chapter 4, page 110.
Although, the article available at the link hereafter tells us that hackers could use DTD general entities to make a kind of DoS attack named 'XML bomb' (see § 'XML bombs' in the article): https://msdn.microsoft.com/en-us/magazine/ee335713.aspx
Do you think that despite of this risk, we can keep on using DTDs in our XML documents or, on the contrary, do you think we should now avoid using DTDs and update our parser settings so that it does not parse DTDs anymore, or update them with some restrictions (see § 'Defending against XML bombs')?
Thank you in advance for your answer.
Kind regards.





Similar Threads
Thread Thread Starter Forum Replies Last Post
Graphics Plugin for Liquidity Risk Software? StaceyL Visual Basic 2010 General Discussion 1 June 22nd, 2011 09:40 PM
HELP! Design Review & Risk Management topics required gangestech Classic ASP Basics 1 September 7th, 2010 02:13 PM
Automated tool to convert XML from DTD to DTD lsantos2000 XSLT 2 October 17th, 2007 08:21 AM
Risk assessment of not normalizing a table mdcarr SQL Server 2000 2 January 25th, 2004 11:43 AM
Help with DTD P Keshav XML 1 September 12th, 2003 12:05 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.