XSD Security


This topic describes security issues associated with MSXML XSD and the SchemaCache class. In addition, it provides some guidance for mitigating security exposure.

The following sections describe important XSD security issues. They are not listed in any significant order. You should familiarize yourself with all the issues discussed, and address them in your applications.

Only Load Schemas from Trusted Sources

You should not call SchemaCache.Add with schemas loaded from untrusted URLs. Only schemas from trusted sources and known, trusted locations should be loaded into the cache. It is not recommended that the XMLSchemaCache be exposed directly in untrusted scenarios where security and availability are important. If you do so, you will be susceptible to Denial of Service attacks.

Do Not Allow Inline Schemas or Resolution of External Schemas

Do not use inline schemas or allow resolution of external schemas for the most secure configuration. For more information, see DOM Security and SAX2 Security.

Security Settings of Included Files Match the Base Document

If a document or node is added to XMLSchemaCache, its security settings are used to resolve any "include", "redefine", or "import" elements. Therefore, it is important to set the security settings (secureBaseUrl and security options) of the included document or node properly.

Error Messages May Reveal Data

Certain types of threats require that you program your application in certain ways. For example, the description of an error may reveal data such as the data being transformed. Errors may also reveal file names. Error messages should not be exposed to callers that are not trusted. You should catch all errors and report errors with your own custom error messages.

MSXML Security Overview