[xmlsec] Security best practices
Aleksey Sanin
aleksey at aleksey.com
Thu Jan 15 08:21:06 PST 2015
It's a very good question. Check out this writeup (if you haven't
seen it already):
http://www.w3.org/TR/xmldsig-bestpractices/
Aleksey
On 1/15/15 5:48 AM, Alex Boese wrote:
> Any advice for best practices against security attacks on xml signatures? I've heard a little bit about namespace attacks, xml bombs (million lol attack), and wrapper attacks. There are probably many others I am missing. Is there a set of rules (outside of the w3 standards already in place) that you adhere to? What about inherent weaknesses of the canonicalization process?
>
> -A
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
>