Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Issue & fix info:
      Newcomer

      Description

      We should add some regression tests demonstrating that
      Derby is no longer vulnerable to an XXE assault.

      One possibility would be to have an example using a local
      file disclosure.

      Another possibility would be to have an example based on the
      well-known "Billion Laughs" denial of service attack.

        Attachments

        1. vtiTests2.diff
          10 kB
          Bryan Pendleton
        2. vtiTests.diff
          9 kB
          Bryan Pendleton
        3. error-stacktrace.out
          7 kB
          Bryan Pendleton
        4. readPasswordFile.diff
          5 kB
          Bryan Pendleton
        5. billionLaughs.diff
          2 kB
          Bryan Pendleton

            People

            • Assignee:
              mac777 Abhinav Gupta
              Reporter:
              bryanpendleton Bryan Pendleton
            • Votes:
              0
              Watchers:
              4
