The documentation says:
If set to true, XmlReader throws an XmlException when any DTD content is encountered. Do not enable DTD processing if you are concerned about denial of service issues or if you are dealing with untrustworthy sources.
If you have DTD processing enabled, you can use XmlSecureResolver to limit the resources that XmlReader can access. You can also create your application so that XML processing is memory and time limited. For example, configure timeout limits in an ASP.NET application.
Can someone explain the problem?
Why does a reader application want to disable DTD searches? Where is the denial of service problem if it is a reader application? What does the mention of "trust" mean?
Thanks
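The choices the quoted documentation describes, side by side, as an added example that is not part of the original question or of the .NET documentation. It assumes .NET Framework 4.0 or later, where `DtdProcessing.Prohibit` gives the throw-on-DTD behaviour, and uses a small constructed document; the class and method names are hypothetical.

```csharp
using System;
using System.IO;
using System.Xml;

static class DtdSettingsDemo   // hypothetical name, for illustration only
{
    // Constructed sample: an internal DTD whose entities reference each other,
    // so the text the reader produces is larger than the document it was given.
    const string Sample =
        "<!DOCTYPE r [" +
        "<!ENTITY a \"0123456789\">" +
        "<!ENTITY b \"&a;&a;&a;&a;&a;\">" +
        "]><r>&b;&b;</r>";

    // Parses Sample with the given settings and reports what the reader did.
    static string Read(XmlReaderSettings settings)
    {
        try
        {
            using (var reader = XmlReader.Create(new StringReader(Sample), settings))
            {
                reader.MoveToContent();
                string text = reader.ReadElementContentAsString();
                return "parsed, " + Sample.Length + " input chars -> " + text.Length + " output chars";
            }
        }
        catch (XmlException ex)
        {
            return "rejected: " + ex.Message;
        }
    }

    static void Main()
    {
        // 1. Any DTD content makes the reader throw before entities are expanded.
        var prohibit = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit };

        // 2. DTD is processed: the sender of the document decides how much work
        //    and memory the entity expansion costs the reading application.
        var parse = new XmlReaderSettings { DtdProcessing = DtdProcessing.Parse };

        // 3. DTD is processed, but expansion is capped and no external
        //    resource (external DTD subset or entity) can be fetched.
        var bounded = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Parse,
            MaxCharactersFromEntities = 64,
            XmlResolver = null
        };

        Console.WriteLine("Prohibit: " + Read(prohibit));
        Console.WriteLine("Parse:    " + Read(parse));
        Console.WriteLine("Bounded:  " + Read(bounded));
    }
}
```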