| XML解析安全问题及对策研究 |
| |
| 引用本文: | 顾韵华,刘丹,王兴.XML解析安全问题及对策研究[J].计算机安全,2009(11):50-52. |
| |
| 作者姓名: | 顾韵华 刘丹 王兴 |
| |
| 作者单位: | 南京信息工程人学,计算机与软件学院,江苏,南京,210044 |
| |
| 摘 要: | 基于DOM模型的解析是多数XML文档处理系统所采用的技术,文档解析中在对DTD、XML注释以及XML结点的处理存在着一些漏洞,导致系统在解析那些利用了这些漏洞的恶意XML文档过程中易遭到攻击,分析了漏洞产生的原因,并提出相应的防御方法。
|
| 关 键 词: | DOM XML解析 安全 |
Security of XML Parse Based on DOM and Its Solution |
| |
| GU Yun-hua,LIU Dan,WANG Xing.Security of XML Parse Based on DOM and Its Solution[J].Network & Computer Security,2009(11):50-52. |
| |
| Authors: | GU Yun-hua LIU Dan WANG Xing |
| |
| Affiliation: | (School of Computer and Software, IVanding University of Informatlon Science and Technology, Nanjing, Jiangsu, 210044, China) |
| |
| Abstract: | Most XML document processing systems adopt W3C DOM to parse XML documents. There are some bugs when XML document parse system based on DOM deals with DTD, XML comments and XML nodes. Once the bugs are used by malicious XML documents, system will be attacked when it parses them. The paper points out three problems exist in XML parse based on DOM, analyzes why the system is attacked and offers methods of defending it. |
| |
| Keywords: | DOM |
| 本文献已被 维普 万方数据 等数据库收录! |
|
