In the documentation for securely consuming web services with WCF they state that it

Question

0

Asked: May 16, 20262026-05-16T21:00:49+00:00 2026-05-16T21:00:49+00:00

In the documentation for securely consuming web services with WCF they state that it

0

In the documentation for securely consuming web services with WCF they state that it is recommended that you prohibit the DTD when consuming the metadata. Why is the DTD a security risk?

http://msdn.microsoft.com/en-us/library/ms734741.aspx

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-16T21:00:50+00:00

Editorial Team

2026-05-16T21:00:50+00:00Added an answer on May 16, 2026 at 9:00 pm

http://msdn.microsoft.com/en-us/magazine/ee335713.aspx

The easiest way to defend against all types of XML entity attacks is
to simply disable altogether the use of inline DTD schemas in your XML
parsing objects. This is a straightforward application of the
principle of attack surface reduction: if you’re not using a feature,
turn it off so that attackers won’t be able to abuse it.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

In the documentation for securely consuming web services with WCF they state that it

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply