As a step to increase the security of  we have decided to disallow the use of external schemas for XML in Ultra and Web Services. This can break configurations when upgrading, but it should be trivial to fix.

We recommend removing references to external DTD files, external stylesheets and external schemas. Not all of these will break existing configurations, however; that is isolated to the external DTD files.

Ultra

The following uses the example in /wiki/spaces/MD82/pages/3781736 with a slight modification.

 xml_schema {
     <?xml version="1.0" encoding="ISO-8859-1"?>
     <!DOCTYPE note SYSTEM "note.dtd">
     <schema xmlns = "http://www.w3.org/2001/XMLSchema">
        <element name="TRANSACTION_LOG">
          <complexType>
              <sequence>
                 <element ref="TRANSACTION" maxOccurs="unbounded"/>
              </sequence>
          </complexType>
        </element>
       <element name="TRANSACTION">
          <complexType>
             <attribute name="TXID" type="string" use="required"/>
             <sequence>
                <element name="USER" type="string" minOccurs="1" maxOccurs="1"/>
                <element name="IP" type="string" minOccurs="1" maxOccurs="1"/>
                <element name="ITEM" type="string" minOccurs="1" maxOccurs="1"/>
                <element name="VALUE" type="long" minOccurs="1" maxOccurs="1"/>
                <element name="TIMESTAMP" type="dateTime" minOccurs="1" maxOccurs="1"/>
                <element name="CURRENCY" type="string" minOccurs="1" maxOccurs="1"/>
                <element name="MISC" type="string" minOccurs="0" maxOccurs="unbounded"/>
            </sequence>
         </complexType>
       </element>
    </schema>
};

The example above would not work. The required change is to remove the following line:

 <!DOCTYPE note SYSTEM "note.dtd">

When validating the XML schema we do not validate against the DTD, so there are no changes to functionality.

Web Services

There is no difference between Web Services and Ultra in how these changes have been implemented, so as above there might be compatibility issues when upgrading. When troubleshooting your WSDL files, please refer to the reference types we recommend removing above.
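A pre-upgrade check for the three reference types listed above, usable on Ultra xml_schema blocks and WSDL files alike. This is an added example, not code from the product or its documentation. The function name, the regular expressions (in particular, treating schemaLocation attributes as the "external schema" case) and the sample text are assumptions; it matches text rather than parsing, so it never resolves the references it reports.

```python
import re

# Patterns are assumptions about how each reference type appears in a file.
# Only an external DTD is marked as breaking, as the page states; the other
# two are references the page recommends removing.
CHECKS = [
    ("external-dtd", True,
     re.compile(r"<!DOCTYPE\s+[^\[>]*?\b(?:SYSTEM|PUBLIC)\b[^\[>]*")),
    ("external-stylesheet", False,
     re.compile(r"<\?xml-stylesheet\b[^?]*\bhref\s*=\s*[\"'][^\"']*[\"'][^?]*\?>")),
    ("external-schema", False,
     re.compile(r"\b(?:\w+:)?(?:schemaLocation|noNamespaceSchemaLocation)"
                r"\s*=\s*[\"'][^\"']*[\"']")),
]

def find_external_refs(text):
    """Return sorted (line, kind, breaking, snippet) tuples for one file's text."""
    # Blank out comments but keep newlines, so line numbers stay correct and
    # commented-out references are not reported.
    text = re.sub(r"<!--.*?-->",
                  lambda m: re.sub(r"[^\n]", " ", m.group()), text, flags=re.S)
    findings = []
    for kind, breaking, pattern in CHECKS:
        for m in pattern.finditer(text):
            line = text.count("\n", 0, m.start()) + 1
            findings.append((line, kind, breaking, " ".join(m.group().split())))
    return sorted(findings)

# Constructed sample: the DOCTYPE line is the one from the page's example,
# the stylesheet and import lines are made up for illustration.
SAMPLE = '''<?xml version="1.0" encoding="ISO-8859-1"?>
<?xml-stylesheet type="text/xsl" href="note.xsl"?>
<!DOCTYPE note SYSTEM "note.dtd">
<schema xmlns="http://www.w3.org/2001/XMLSchema">
  <!-- <import schemaLocation="old.xsd"/> -->
  <import namespace="urn:example:types" schemaLocation="types.xsd"/>
  <element name="TRANSACTION_LOG"/>
</schema>
'''

if __name__ == "__main__":
    for line, kind, breaking, snippet in find_external_refs(SAMPLE):
        level = "BREAKS ON UPGRADE" if breaking else "recommended to remove"
        print(f"line {line}: {kind} ({level}): {snippet}")
```

A DOCTYPE that carries only an internal subset (no SYSTEM or PUBLIC identifier) is not reported, since it does not reference an external DTD file.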
