[Python-Dev] XML DoS vulnerabilities and exploits in Python
Christian Heimes christian at python.org
Wed Feb 20 22:55:57 CET 2013

On 20.02.2013 21:17, Maciej Fijalkowski wrote:
> On Wed, Feb 20, 2013 at 8:24 PM, Christian Heimes <christian at python.org> wrote:
>> On 20.02.2013 17:25, Benjamin Peterson wrote:
>>> Are these going to become patches for Python, too?
>>
>> I'm working on it. The patches need to be discussed as they break backward compatibility and AFAIK XML standards, too.
>
> That's not very good. XML parsers are supposed to parse XML according to standards. Is the goal to have them actually do that, or just address DDoS issues?

But the standard is flawed.

It's not a distributed DoS issue, it's a severe DoS vulnerability. A single 1 kB XML document can kill virtually any machine, even servers with more than a hundred GB of RAM.
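
The trade-off discussed in this message, as an added example that is not part of the original message or of the patches it mentions: a parser that refuses DTD entity declarations rejects a document that a standard-conforming parser must accept. It assumes the DoS class in question depends on entity declarations (the message does not name the mechanism); `element_names`, `stock_text`, `EntitiesForbidden` and both sample documents are hypothetical names and constructed inputs.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat


class EntitiesForbidden(ValueError):
    """Raised when a document declares an entity in its DTD."""


def element_names(data: bytes) -> list:
    """Return element names in document order, refusing entity declarations."""
    names = []
    parser = xml.parsers.expat.ParserCreate()

    def refuse_entity(name, is_parameter_entity, value, base,
                      system_id, public_id, notation_name):
        # Fires for every <!ENTITY ...> in the DTD, before any expansion.
        raise EntitiesForbidden("entity declaration %r refused" % name)

    parser.EntityDeclHandler = refuse_entity
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)
    return names


def stock_text(data: bytes) -> str:
    """What the stock stdlib parser does with the same input: expand it."""
    return ET.fromstring(data).text


# Constructed sample inputs (not from the original message).
PLAIN_DOC = b"<note><to>dev</to></note>"
# Legal XML with one harmless internal entity; a conforming parser accepts it.
ENTITY_DOC = (b'<!DOCTYPE note [<!ENTITY who "world">]>'
              b"<note>hello &who;</note>")

if __name__ == "__main__":
    print(element_names(PLAIN_DOC))
    print(stock_text(ENTITY_DOC))
    try:
        element_names(ENTITY_DOC)
    except EntitiesForbidden as exc:
        print("rejected:", exc)
```

The hardened function accepts the plain document and rejects the entity-bearing one outright, which is the backward-compatibility break the thread is debating.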