Functionality of XML Schema was exploited to implement many features of the security module. Some of these features are:
- WSDL Based Validation
A mechanism to prevent invalid and corrupt SOAP requests from reaching the server and to limit messages to the ones defined in the WSDLs. To achieve this, we developed an application that converted a given WSDL into an XML Schema which, when applied to SOAP messages, reports messages that do not conform to the WSDL definition.
- Web Services Access Control
Limits a user's access to particular services or operations defined in the WSDL file. In addition to converting WSDL into an XML Schema, our schema runtime had the ability to register callbacks on any element in the XML Schema. This was used to implement ACLs for operations in the WSDL.
- SQL and Command Injection Protection
Detects and blocks command injection attacks, commonly hidden as valid parameters. XML Schema's facet support for regular expressions was exploited to prevent SQL and command injection.
- Schema Structural and Data-type Validation
As performance is critical for network devices, we had to provide different levels of support for XML Schema. When validating XML messages against an XML Schema, we provided options to do only structural validation or both structural and data-type validation. This was useful because data-type validation was too much of a performance hit for some applications.
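The two validation levels and the pattern-facet check described above can be shown with Python's standard library. This is an added example, not the security module's code: the schema, the `getOrder` operation, the `orderId` parameter and the function names are all constructed, and only `xs:pattern` facets on named simple types are read from the schema.

```python
import re
import xml.etree.ElementTree as ET

XS = "{http://www.w3.org/2001/XMLSchema}"
SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"

# Constructed schema, standing in for the output of a WSDL-to-XSD converter.
SCHEMA = """<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:element name="getOrder"><xs:complexType><xs:sequence>
    <xs:element name="orderId" type="OrderId"/>
  </xs:sequence></xs:complexType></xs:element>
  <xs:simpleType name="OrderId"><xs:restriction base="xs:string">
    <xs:pattern value="[A-Z]{2}[0-9]{6}"/>
  </xs:restriction></xs:simpleType>
</xs:schema>"""

def load_schema(xsd_text):
    """Return ({operation: [child names]}, {child name: compiled pattern})."""
    root = ET.fromstring(xsd_text)
    types = {t.get("name"): re.compile(t.find(f".//{XS}pattern").get("value"))
             for t in root.findall(f"{XS}simpleType")}
    ops, facets = {}, {}
    for op in root.findall(f"{XS}element"):
        children = op.findall(f".//{XS}element")
        ops[op.get("name")] = [c.get("name") for c in children]
        facets.update({c.get("name"): types[c.get("type")]
                       for c in children if c.get("type") in types})
    return ops, facets

def validate(soap_text, ops, facets, check_types=True):
    """Return a list of violations; an empty list means the message passes."""
    body = ET.fromstring(soap_text).find(f"{SOAP}Body")
    if body is None or len(body) != 1 or body[0].tag not in ops:
        return ["Body does not hold exactly one defined operation"]
    op, errors = body[0], []
    if [c.tag for c in op] != ops[op.tag]:  # structural check
        errors.append(f"{op.tag}: children do not match the schema")
    if check_types:  # data-type check: XSD patterns match the whole value
        errors += [f"{c.tag}: value violates pattern facet" for c in op
                   if c.tag in facets and not facets[c.tag].fullmatch(c.text or "")]
    return errors

def envelope(inner):  # wraps a constructed operation in a SOAP 1.1 envelope
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
            f"<s:Body>{inner}</s:Body></s:Envelope>")
# Constructed sample messages.
GOOD = envelope("<getOrder><orderId>AB123456</orderId></getOrder>")
INJECTED = envelope("<getOrder><orderId>AB123456' OR '1'='1</orderId></getOrder>")
UNKNOWN = envelope("<dropOrders/>")
```

With `check_types=False` the `INJECTED` message passes, because its structure is valid; only the data-type pass rejects it, which is the trade-off the structural-only option accepts.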
The only thing we've run into are the DoS attacks, and those were resolved by coding in a timestamp.
XML hardware accelerators: http://www.tarari.com/products.html