312 points campuscodi | 1 comments
oncallthrow No.43374582
XML is to authentication bypasses what C is to buffer overflow attacks
dietr1ch No.43374813
Sad that XML has too many features for an otherwise somewhat nice, but verbose markup language.
treve No.43374910
Features are kind of a negative for security. Imagine if YAML was used!
alexchamberlain No.43374958
I think there is a "safe" subset of both XML and YAML that 80% of people actually use.
bawolff No.43374973
From a security perspective that's kind of useless, as your concern is not what the "good" people do, it's what the "bad" people do.
alexchamberlain No.43375093
Well, you can define such a subset and write or configure parsers to only use that; I've seen both XML and YAML libraries do just that, by disabling remote file loading or arbitrary code execution for example.
bawolff No.43375465
Disabling XML remote entities and billion laughs is a given.

In the context of SAML that's hardly the least of it. Lots of the problems are things like allowing comments to sort of change the meaning of the document, allowing signatures to sign only part of the document, allowing multiple signatures to sign different parts of the document, etc.
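Two points in this thread can be shown in one piece of code: alexchamberlain's "configure parsers to only use a safe subset" and bawolff's "comments can change the meaning of the document". The block below is an added example, not code from any commenter or from a SAML library. It builds a small parser on Python's standard-library expat bindings that refuses DOCTYPE declarations (the place where external entities and entity-expansion bombs are declared) and, by default, refuses comments; when comments are allowed it still assembles element text from every character-data callback, so a comment cannot split a value such as a NameID. The `Response`/`Assertion`/`NameID` tag names, the sample documents and the `path -> [text]` result format are constructed for this example.

```python
# Added example (not from the thread): a "safe subset" XML parser built on the
# standard-library expat bindings. DOCTYPE, entity declarations and external
# entity references are rejected before expat acts on them; comments are
# rejected unless the caller opts in. Element text is joined from every
# character-data chunk, so a comment inside a value cannot truncate it.
# Tag names and sample documents are constructed for this example.
import xml.parsers.expat as expat
from xml.dom import minidom


class UnsafeXMLFeature(ValueError):
    """The document uses a feature outside the permitted subset."""


def parse_safe_subset(data: bytes, allow_comments: bool = False) -> dict:
    """Parse `data`, returning {element path: [joined text per occurrence]}.

    Raises UnsafeXMLFeature on any DOCTYPE, entity declaration, external
    entity reference, or (unless allow_comments is set) comment.
    """
    parser = expat.ParserCreate()
    stack = []      # names of the currently open elements, root first
    buffers = []    # one list of text chunks per open element
    result = {}

    def reject(feature):
        def handler(*_args):
            raise UnsafeXMLFeature(f"{feature} not allowed in this subset")
        return handler

    # The DOCTYPE handler fires first and covers XXE and billion laughs alike;
    # the entity handlers are defence in depth.
    parser.StartDoctypeDeclHandler = reject("DOCTYPE")
    parser.EntityDeclHandler = reject("entity declaration")
    parser.ExternalEntityRefHandler = reject("external entity reference")
    if not allow_comments:
        parser.CommentHandler = reject("comment")

    def start(name, _attrs):
        stack.append(name)
        buffers.append([])

    def chars(text):
        # expat may deliver one element's text in several chunks (around
        # comments, entity references or buffer boundaries); keep them all.
        buffers[-1].append(text)

    def end(_name):
        path = "/".join(stack)
        result.setdefault(path, []).append("".join(buffers.pop()))
        stack.pop()

    parser.StartElementHandler = start
    parser.CharacterDataHandler = chars
    parser.EndElementHandler = end
    parser.Parse(data, True)
    return result


def naive_first_text_node(data: bytes, tag: str) -> str:
    """The pitfall: DOM-style code that reads only the first text node of an
    element stops at the first comment and returns a truncated value."""
    doc = minidom.parseString(data)
    return doc.getElementsByTagName(tag)[0].firstChild.data


# Constructed samples shaped like a SAML subject; not real assertions.
CLEAN_DOC = (b"<Response><Assertion><NameID>alice@example.com</NameID>"
             b"</Assertion></Response>")
COMMENT_DOC = (b"<Response><Assertion><NameID>alice@<!-- split -->example.com"
               b"</NameID></Assertion></Response>")
DTD_DOC = b'<!DOCTYPE Response [<!ENTITY e "x">]><Response>&e;</Response>'


def demo() -> dict:
    """Run the three samples and return the outcomes for checking."""
    path = "Response/Assertion/NameID"
    out = {"clean": parse_safe_subset(CLEAN_DOC)[path][0]}
    try:
        parse_safe_subset(COMMENT_DOC)
        out["comment_rejected"] = False
    except UnsafeXMLFeature:
        out["comment_rejected"] = True
    out["comment_joined"] = parse_safe_subset(COMMENT_DOC, allow_comments=True)[path][0]
    out["comment_naive"] = naive_first_text_node(COMMENT_DOC, "NameID")
    try:
        parse_safe_subset(DTD_DOC)
        out["dtd_rejected"] = False
    except UnsafeXMLFeature:
        out["dtd_rejected"] = True
    return out


if __name__ == "__main__":
    print(demo())
```

Rejecting the DOCTYPE outright is the simplest way to get the "safe subset" alexchamberlain describes: there is nothing to configure per entity type because the whole DTD mechanism is out. The comment case shows bawolff's point in miniature: the same `NameID` element yields `alice@` to code that reads the first text node and `alice@example.com` to code that joins all of them, which is exactly the kind of disagreement between two consumers of one document that a signature check over the raw bytes will not notice.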