Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
Security Level: Public (Public issues, viewable by everyone)
-
None
Description
This task is to add a secure validation switch for streaming signature processing. This property is false by default. When set to true, it enforces the following processing rules (possibly each should be separately configurable):
a) Limits the number of Transforms per Reference to a maximum of 5.
b) Limits the number of references per Manifest (SignedInfo) to a maximum of 30.
c) MD5 is not allowed as a SignatureAlgorithm or DigestAlgorithm.
d) Do not allow local or remote references
e) Enforce maximum depth of the xml
f) Guarantee that the dereferenced element is unique...is this already enforced?
Attachments
Issue Links
- relates to
-
SANTUARIO-290 Add a secure validation switch for signature processing
- Closed