In the documentation for securely consuming web services with WCF they state that it is recommended that you prohibit the DTD when consuming the metadata. Why is the DTD a security risk?
views:
23answers:
2
+2
Q:
Why is it more secure to prohibit the DTD when consuming web services with things like .Net WCF?
+1 I like this article.
Ladislav Mrnka
2010-09-06 14:55:02
:o) Thanks, I just had a friend of mine send me the same article. It is a good one.
Josh Russo
2010-09-06 15:05:39
Oh you are the friend LOL
Josh Russo
2010-09-06 15:06:04
A:
In this case there is a known denial of service exploit (see andrews answer)
However, almost anything that reduces the attack surface will improve the security.
Shiraz Bhaiji
2010-09-06 14:59:05