Significantly decrease number of allowed entity expansion operations

author lajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>

Fri, 11 Jan 2008 06:53:37 +0000 (06:53 +0000)

committer lajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>

Fri, 11 Jan 2008 06:53:37 +0000 (06:53 +0000)
author lajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 11 Jan 2008 06:53:37 +0000 (06:53 +0000)
committer lajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 11 Jan 2008 06:53:37 +0000 (06:53 +0000)
diff --git a/resources/conf/internal.xml b/resources/conf/internal.xml

index 6918337..b6fe23e 100644 (file)
--- a/resources/conf/internal.xml
+++ b/resources/conf/internal.xml
@@ -63,7 +63,9 @@
                      <key>
                          <value>http://apache.org/xml/properties/security-manager</value>
                      </key>
-                    <bean id="shibboleth.XercesSecurityManager" class="org.apache.xerces.util.SecurityManager" />
+                    <bean id="shibboleth.XercesSecurityManager" class="org.apache.xerces.util.SecurityManager">
+                        <property name="entityExpansionLimit" value="1000" />
+                    </bean>
                  </entry>
              </map>
          </property>
author	lajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
	Fri, 11 Jan 2008 06:53:37 +0000 (06:53 +0000)
committer	lajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
	Fri, 11 Jan 2008 06:53:37 +0000 (06:53 +0000)