http://xml.apache.org/http://www.apache.org/http://www.w3.org/

Home

Readme
Charter
Release Info

Installation
Download
Build Instructions

FAQs
Samples
API Docs

DOM C++ Binding
Programming
Migration Guide

Feedback
Bug-Reporting
PDF Document

Source Repository
User Mail Archive
Devel Mail Archive

API Docs for SAX and DOM
 

Main Page | Class Hierarchy | Alphabetical List | Class List | Directories | File List | Class Members | File Members | Related Pages

SecurityManager Class Reference

Allow application to force the parser to behave in a security-conscious way. More...

List of all members.

Public Types

enum  { ENTITY_EXPANSION_LIMIT = 50000 }

Public Member Functions

default Constructors
 SecurityManager ()
 Default constructor.
virtual ~SecurityManager ()
 Destructor.
The Security Manager
virtual void setEntityExpansionLimit (unsigned int newLimit)
 An application should call this method when it wishes to specify a particular limit to the number of entity expansions the parser will permit in a particular document.
virtual unsigned int getEntityExpansionLimit () const
 Permits the application or a parser component to query the current limit for entity expansions.

Protected Attributes

unsigned int fEntityExpansionLimit

Detailed Description

Allow application to force the parser to behave in a security-conscious way.

There are cases in which an XML- or XmL-schema- conformant processor can be presented with documents the processing of which can involve the consumption of prohibitive amounts of system resources. Applications can attach instances of this class to parsers that they've created, via the http://apache.org/xml/properties/security-manager property.

Defaults will be provided for all known security holes. Setter methods will be provided on this class to ensure that an application can customize each limit as it chooses. Components that are vulnerable to any given hole need to be written to act appropriately when an instance of this class has been set on the calling parser.

Member Enumeration Documentation

anonymous enum
 

Enumeration values:
ENTITY_EXPANSION_LIMIT 

Constructor & Destructor Documentation

SecurityManager::SecurityManager  ) 
 

Default constructor.

virtual SecurityManager::~SecurityManager  )  [virtual]
 

Destructor.

Member Function Documentation

virtual unsigned int SecurityManager::getEntityExpansionLimit  )  const [virtual]
 

Permits the application or a parser component to query the current limit for entity expansions.

Returns:
the current setting of the entity expansion limit

virtual void SecurityManager::setEntityExpansionLimit unsigned int  newLimit  )  [virtual]
 

An application should call this method when it wishes to specify a particular limit to the number of entity expansions the parser will permit in a particular document.

The default behaviour should allow the parser to validate nearly all XML non-malicious XML documents; if an application knows that it is operating in a domain where entities are uncommon, for instance, it may wish to provide a limit lower than the parser's default.

Parameters:
newLimit the new entity expansion limit

Member Data Documentation

unsigned int SecurityManager::fEntityExpansionLimit [protected]
 

The documentation for this class was generated from the following file:


Copyright © 1994-2004 The Apache Software Foundation. All Rights Reserved.