Significantly decrease number of allowed entity expansion operations
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 11 Jan 2008 06:53:37 +0000 (06:53 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 11 Jan 2008 06:53:37 +0000 (06:53 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2555 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

resources/conf/internal.xml

index 6918337..b6fe23e 100644 (file)
@@ -63,7 +63,9 @@
                     <key>
                         <value>http://apache.org/xml/properties/security-manager</value>
                     </key>
-                    <bean id="shibboleth.XercesSecurityManager" class="org.apache.xerces.util.SecurityManager" />
+                    <bean id="shibboleth.XercesSecurityManager" class="org.apache.xerces.util.SecurityManager">
+                        <property name="entityExpansionLimit" value="1000" />
+                    </bean>
                 </entry>
             </map>
         </property>