[Python-Dev] xml.sax and xml.dom fetch DTDs by default (was XML DoS vulnerabilities and exploits in Python)

Paul Boddie paul at boddie.org.uk
Fri Feb 22 00:47:08 CET 2013


Perhaps related to the discussion of denial-of-service vulnerabilities is the matter of controlling access to remote resources. I suppose that after the following bug was closed, no improvements were made to the standard library:

http://bugs.python.org/issue2124

Do Python programs still visit the W3C site millions of times every day to download DTDs that they are not, by default, able to remember from their last visit?

Paul
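
Added example, not part of the original message or of the standard library: one way to keep xml.sax from fetching a DTD over the network is to set feature_external_ges explicitly and install an EntityResolver that answers only from a local catalog and refuses everything else. The names CatalogResolver, TextCollector, LOCAL_CATALOG and parse are hypothetical, and the one-line DTD and the sample document are constructed stand-ins.

```python
import io
import xml.sax
from xml.sax.handler import ContentHandler, EntityResolver, feature_external_ges
from xml.sax.xmlreader import InputSource

XHTML_SYSID = "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
# Constructed stand-in for a locally cached DTD (the real one is far larger).
LOCAL_CATALOG = {XHTML_SYSID: b'<!ENTITY nbsp "&#160;">'}
# Constructed sample document whose DOCTYPE names the W3C-hosted DTD.
DOC = ('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "%s">'
       '<html><body>a&nbsp;b</body></html>' % XHTML_SYSID).encode()


class CatalogResolver(EntityResolver):
    """Serve external entities from LOCAL_CATALOG only; never touch the network."""

    def __init__(self):
        self.requests = []

    def resolveEntity(self, publicId, systemId):
        self.requests.append(systemId)
        if systemId not in LOCAL_CATALOG:
            # Fail closed: returning the system ID would let xml.sax open the URL.
            raise xml.sax.SAXException("blocked external entity: %s" % systemId)
        source = InputSource(systemId)
        source.setByteStream(io.BytesIO(LOCAL_CATALOG[systemId]))
        return source


class TextCollector(ContentHandler):
    def __init__(self):
        super().__init__()
        self.text = []

    def characters(self, content):
        self.text.append(content)


def parse(doc, external_ges):
    """Return (text, system IDs the parser asked the resolver for)."""
    parser = xml.sax.make_parser()
    # Set explicitly; the default is off since Python 3.7.1 and was on before.
    parser.setFeature(feature_external_ges, external_ges)
    resolver, handler = CatalogResolver(), TextCollector()
    parser.setEntityResolver(resolver)
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(doc))
    return "".join(handler.text), resolver.requests
```

With the feature on, the resolver is asked for the DOCTYPE's system identifier and `&nbsp;` expands from the cached copy; with it off, the resolver is never consulted and the entity is skipped.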


