Software update that prevents the processing of XML messages that contain DTDs for .NET Framework 1.1 (826231)


The information in this article applies to:

  • Microsoft .NET Framework 1.1
  • Microsoft Web Services (included with the .NET Framework 1.1)
  • Microsoft COM+ 1.5

SUMMARY

This article discusses a software update that allows the following technologies to reject the processing of XML messages that contain document type definitions (DTDs):
  • Microsoft ASP.NET Web Services (server side only)
  • Microsoft .NET Remoting (only when used with the SoapFormatter class)
  • System.Messaging (only when used with the XmlMessageFormatter class)
  • COM+ 1.5 (only when used with SOAP activation)
    Note By default, SOAP activation is not enabled for COM+ applications.

RESOLUTION

You can download the software update to reject the processing of XML messages that contain DTDs for .NET Framework 1.1 from the following location:

.NET Framework 1.1 Temporary File Explosion on Sharepoint Servers - Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyID=62fa5aad-dc25-491c-8944-3b2920c9fc64&DisplayLang=en

If you are using .NET Framework 1.0, you are encouraged to upgrade to .NET Framework 1.1 and download and apply the software update.

MORE INFORMATION

DTDs define the rules that describe the structure of XML documents and that can be used to validate the structure of those documents. When the XML 1.0 specification was originally created, the DTD syntax, which is not XML-based, was inherited from earlier markup languages, such as Standard Generalized Markup Language (SGML) and HTML.

An XML namespace is a mechanism for uniquely qualifying element names and attribute names that are used in XML documents. DTDs do not fully support XML namespaces. The process that is used to parse DTDs does not enforce adherence to a namespace. As an alternative to DTDs, you can describe the XML document structure by using the World Wide Web Consortium (W3C) XML Schema language. The W3C XML Schema language offers the same benefits as DTDs, but it also resolves some of the limitations of DTDs. DTDs may be useful when you work with XML applications that are based on the XML 1.0 specification and that do not support XML schemas.

In some cases, you may want to reject XML messages that contain DTDs. For example, the SOAP 1.1 specification states that a SOAP message must not contain a DTD. Therefore, a SOAP processor can reject any SOAP message that contains a DTD. To automatically reject XML messages that contain DTDs, the technologies use a new XmlTextReader property that is named ProhibitDtd. When the ProhibitDtd property is set to true, this property causes the XmlTextReader to throw an exception if a DTD is encountered while parsing.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software


REFERENCES

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

832878 Microsoft Web services security resources



For more information, visit the following Web sites:

SOAP 1.1 specification
http://www.w3.org/TR/soap/

XML 1.0 specification
http://www.w3.org/TR/REC-xml

XML Schema specification index page
http://www.w3.org/XML/Schema#dev

Modification Type:MinorLast Reviewed:10/25/2005
Keywords:kbHotfixServer kbQFE kbinfo kbfix kbbug KB826231 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.