Command Injection in XML Signatures and Encryption

Publisher: Information Security
Format: 311.3KB PDF
Date added: 12 Jul 2007
Topics: XML, Digital Signatures
Downloads: 16

The XML Digital Signature (XMLDSIG) and XML Encryption (XMLENC) standards are complex protocols for securing XML and other content. Among its complexities, the XMLDSIG standard specifies various "Transform" algorithms to identify, manipulate and canonicalize signed content and key material. Unfortunately, the defined transforms have not been rigorously constrained to prevent their use as attack vectors, and denial of service or even arbitrary code execution are probable in implementations that have not specifically guarded against such risks.
