The documentation says: When set to true, the XmlReader throws an XmlException when any

Question

0

Asked: May 14, 20262026-05-14T02:50:06+00:00 2026-05-14T02:50:06+00:00

The documentation says: When set to true, the XmlReader throws an XmlException when any

0

When set to true, the XmlReader throws an XmlException when any DTD content is encountered. Do not enable DTD processing if you are concerned about Denial of Service issues or if you are dealing with untrusted sources.

If you have DTD processing enabled, you can use the XmlSecureResolver to restrict the resources that the XmlReader can access. You can also design your application so that the XML processing is memory and time constrained. For example, configure time-out limits in your ASP.NET application.

Can someone please explain the issue?

Why would a reader application want to prohibit the retrieval of a DTD? Where is the denial-of-service issue, if it is a reading application? What is the "trust" issue that is mentioned?

Thanks

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-14T02:50:06+00:00

Editorial Team

2026-05-14T02:50:06+00:00Added an answer on May 14, 2026 at 2:50 am

Have a look at MSDN Magazine which explains the attack related to DTD. In summary, one can create a relatively short XML file which, when expanded because of the DTD, consumes lots of MB of RAM, starving the processing machine.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

The documentation says: When set to true, the XmlReader throws an XmlException when any

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply