Thanks Rob & Dav for that. Since joining the list today, I have found people
fabulously helpful. I hope my questions have been reasonably interesting
to all.
Just about the last security issue I can think of is, and probably not for
this list ...
If I have to kill a long-running transform by terminating the (Java)
thread, there may be a memory leak (I'm using the deprecated thread
stop() function) and consequently could be vulnerable to a DoS attack
and/or may have to restart the Tomcat server.
Cheers
Justin
Do people have any advice on whether there are any other security concerns
to be aware of?
yes - result-document. I believe Saxon has a way for you to write a
resolver so that result document output can be controlled (haven't done
it).
Maybe turn off your XML parser's XInclude, Schema, DTD handling
best,
-Rob
You might want to set ALLOW_EXTERNAL_FUNCTIONS to false,
see http://www.saxonica.com/documentation/using-xsl/embedding.html
Dav
Justin Johansson
Freelance XML / XSLT / XQuery Developer
Australia
procode(at)tpg(dot)com(dot)au
--~------------------------------------------------------------------
XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
--~--
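An added example, not code from anyone in this thread: one way to apply two of the suggestions above, switching off the XML parser's DTD and XInclude handling and setting ALLOW_EXTERNAL_FUNCTIONS to false, through JAXP. It assumes Saxon is on the classpath and that the JAXP parser is Xerces-derived (as the JDK default is), so it recognises the Apache `disallow-doctype-decl` feature; the class name and sample documents are made up for illustration, and controlling result-document output is not covered.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.sax.SAXSource;
import javax.xml.transform.stream.StreamResult;
import org.xml.sax.InputSource;

public class HardenedTransform { // hypothetical class name
    // Parser with DTD, external entity and XInclude handling switched off.
    static SAXSource hardenedSource(String text) throws Exception {
        SAXParserFactory spf = SAXParserFactory.newInstance();
        spf.setNamespaceAware(true);
        spf.setXIncludeAware(false);
        spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Reject any document carrying a DOCTYPE (assumes inputs never need one).
        spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        return new SAXSource(spf.newSAXParser().getXMLReader(),
                new InputSource(new StringReader(text)));
    }

    static String transform(String xslt, String xml) throws Exception {
        TransformerFactory tf = new net.sf.saxon.TransformerFactoryImpl();
        // ALLOW_EXTERNAL_FUNCTIONS = false: stylesheets cannot call Java extension functions.
        tf.setAttribute("http://saxon.sf.net/feature/allow-external-functions", Boolean.FALSE);
        StringWriter out = new StringWriter();
        tf.newTransformer(hardenedSource(xslt)).transform(hardenedSource(xml), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample stylesheet and inputs.
        String xslt = "<xsl:stylesheet version='2.0'"
                + " xmlns:xsl='http://www.w3.org/1999/XSL/Transform'>"
                + "<xsl:template match='/'><out><xsl:value-of select='doc'/></out></xsl:template>"
                + "</xsl:stylesheet>";
        System.out.println(transform(xslt, "<doc>hello</doc>"));
        try { // an input that starts with a DOCTYPE now fails at parse time
            transform(xslt, "<!DOCTYPE doc [<!ENTITY e 'x'>]><doc>&e;</doc>");
        } catch (Exception e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same hardened source is used for the stylesheet and the input document, so a DOCTYPE in either one is refused before Saxon sees any content.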