IBM DataPower XI50 - More security problems
A colleague forwarded me this link which highlights what appears to be a severe memory limitation with the IBM DataPower XI50. It appears that the device is having trouble applying an XML digital signature to a 100MB XML file.
This brings back the issue of using the cost of XML digital signature processing to mount a Denial of Service (DoS) attack: canonicalizing and digesting a document generally requires holding all of it in memory, so the work an XML signature demands grows with the size of the input. An attacker who finds a DataPower device signing much smaller documents could take down the box with a single large one. I guess you might say this post highlights not one, but two problems with IBM DataPower: (a) it cannot handle digital signatures on large XML documents, and (b) that limitation amounts to a potential DoS vulnerability.
5 comments:
This information is inaccurate.
Yep, and alarmist. Maybe he was speaking philosophically. If the service being discussed in the forum were not suffering from design problems and signatures were not being misused then there might be a problem, so in the purest sense of the Platonic forms, there is definitely a problem somewhere outside his cave. He can see its shadow.
Is it really true? I think that IBM might have worked this out by now. Can you tell what the actual reason was that caused this issue?
Not sure if IBM has fixed this limitation or not, but generally I don't see the xi50 use case as being any different than any more primitive messaging system. The size of the messages should be kept small for routing/evaluation/etc but beefy payload should be passed in a shared store and the pointer to it passed in the ESB messages. See Claim Check pattern.
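The two defences that the post and the Claim Check comment above point at, written out as an added example (this is not code from the original post, from the commenter, or from IBM DataPower). The first half is a streaming pre-check that rejects an XML document by byte count, nesting depth or element count before any signing step has to build the whole tree in memory; the second half is the Claim Check pattern, where the bulky payload is parked in a shared store and only a small envelope carrying a reference and the payload's SHA-256 digest is signed. The limits, the dict-backed store, the element names and the sample documents are all assumptions made for illustration, and an HMAC over the serialised envelope stands in for a real XML-DSig, which would additionally canonicalise the envelope.

```python
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET
from io import BytesIO

# Hypothetical limits for a routing/control message; tune per service.
MAX_XML_BYTES = 64 * 1024
MAX_DEPTH = 32
MAX_ELEMENTS = 10_000

class PayloadRejected(Exception):
    """A document exceeded one of the configured resource limits."""

class BoundedReader:
    """File-like wrapper that aborts once the parser has pulled more than
    `limit` bytes, so no caller can make it buffer an unbounded document."""

    def __init__(self, raw, limit):
        self._raw, self._limit, self._seen = raw, limit, 0

    def read(self, size=-1):
        chunk = self._raw.read(size)
        self._seen += len(chunk)
        if self._seen > self._limit:
            raise PayloadRejected(f"document exceeds {self._limit} bytes")
        return chunk

def check_xml_limits(data, max_bytes=MAX_XML_BYTES, max_depth=MAX_DEPTH,
                     max_elements=MAX_ELEMENTS):
    """Stream `data` with iterparse, enforcing byte, nesting and element limits
    as it is read, before any signing step builds a full DOM. Returns the
    element count on success."""
    depth = elements = 0
    source = BoundedReader(BytesIO(data), max_bytes)
    for event, elem in ET.iterparse(source, events=("start", "end")):
        if event == "start":
            depth += 1
            elements += 1
            if depth > max_depth:
                raise PayloadRejected(f"nesting deeper than {max_depth}")
            if elements > max_elements:
                raise PayloadRejected(f"more than {max_elements} elements")
        else:
            depth -= 1
            elem.clear()  # only the counts are needed; drop the subtree
    return elements

def is_rejected(data, **limits):
    """Boolean form of check_xml_limits for callers that want a verdict."""
    try:
        check_xml_limits(data, **limits)
    except PayloadRejected:
        return True
    return False

def sign_claim_check(payload, store, key):
    """Claim Check: park the bulky payload in `store` and sign only a small
    envelope carrying a reference and the payload's SHA-256 digest.
    HMAC-SHA256 over the serialised envelope stands in for XML-DSig."""
    ref = secrets.token_hex(16)
    store[ref] = payload
    env = ET.Element("ClaimCheck")
    ET.SubElement(env, "Ref").text = ref
    ET.SubElement(env, "Digest", algorithm="SHA-256").text = \
        hashlib.sha256(payload).hexdigest()
    envelope = ET.tostring(env)
    return envelope, hmac.new(key, envelope, hashlib.sha256).hexdigest()

def redeem_claim_check(envelope, signature, store, key):
    """Check the small envelope against the limits, verify its MAC, then fetch
    the payload by reference and re-hash it before releasing it."""
    check_xml_limits(envelope)
    expected = hmac.new(key, envelope, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("envelope signature invalid")
    env = ET.fromstring(envelope)
    payload = store.get(env.findtext("Ref"))
    if payload is None:
        raise ValueError("unknown claim reference")
    if not hmac.compare_digest(hashlib.sha256(payload).hexdigest(),
                               env.findtext("Digest") or ""):
        raise ValueError("stored payload does not match signed digest")
    return payload

# Constructed sample documents (not real traffic).
SMALL_DOC = b"<order><id>42</id><item sku='A1'>1</item></order>"
BIG_DOC = b"<blob>" + (b"<r>" + b"x" * 1000 + b"</r>") * 200 + b"</blob>"
DEEP_DOC = b"<a>" * 40 + b"</a>" * 40

if __name__ == "__main__":
    print("small doc elements:", check_xml_limits(SMALL_DOC))
    for name, doc in (("oversized", BIG_DOC), ("deeply nested", DEEP_DOC)):
        print(name, "document rejected:", is_rejected(doc))
    store, key = {}, secrets.token_bytes(32)
    envelope, sig = sign_claim_check(BIG_DOC, store, key)
    print(len(envelope), "byte envelope signed for a", len(BIG_DOC), "byte payload")
    assert redeem_claim_check(envelope, sig, store, key) == BIG_DOC
```

The byte cap only bounds what the parser is fed, not what it expands: entity expansion ("billion laughs") is a separate input-size problem, and with Python's stdlib parser it should be closed off with defusedxml or by disabling DTD processing. In real XML-DSig the Claim Check half corresponds to a detached Reference whose DigestValue covers the externally stored payload, so the signing engine only ever canonicalises the small envelope.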
Got more information about the security problem with DataPower X150.