‎12-11-2023 06:08 PM
In the Security Center and Instance Security Center, I noticed there are two recommendations, "Disable Entity Expansion" and "Setting Entity Expansion Threshold". I've read the documents related to these settings, but I don't really understand how the attack occurs or proceeds, because a normal user (not an admin) won't have the privilege to import or export records as XML to perform this kind of attack. So how can I reproduce this attack inside my personal instance to understand how it works and to know whether it affects my tables' data? "Setting Entity Expansion Threshold" says the entities will be limited from 0 to 3000, and in my system there are tables which have a lot of columns and data. Will this change affect my tables when an admin imports or exports as XML?
‎12-12-2023 04:47 AM
I'm sure you have already checked all the answers and resources for that question. Unfortunately it is not an easy topic, so no easy answer is possible. I found the following two pages pretty helpful for understanding it:
- https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE).html#
- https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing
Maik
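To make the two recommendations concrete, here is an added example that is not part of this thread and not ServiceNow code. It is a small, hypothetical pre-scan you could put in front of any XML parser that accepts untrusted input (a Scripted REST API body, an uploaded import file): it rejects external entities outright, and for internal DTD entities it computes how many expansions the document would trigger and compares that against a threshold, which is exactly what the two settings control. The sample documents are constructed for this example; note that an ordinary record export with many columns declares no DTD entities at all, so its expansion count is zero regardless of how many fields it has.

```python
"""Pre-scan XML for DTD entity declarations before handing it to a parser.

Hypothetical helper (not a ServiceNow API). It implements two policies:
  * allow_entities=False  -> any DTD entity declaration is rejected
                             ("Disable Entity Expansion")
  * threshold=N           -> the total number of entity expansions the
                             document would cause must not exceed N
                             ("Setting Entity Expansion Threshold")
"""
import re
from xml.etree import ElementTree as ET

# Simplified grammar: a DOCTYPE with an optional internal subset in [...].
DOCTYPE_RE = re.compile(r"<!DOCTYPE\b[^\[>]*(?:\[(?P<subset>.*?)\]\s*)?>", re.S)
# <!ENTITY name "value">, <!ENTITY name SYSTEM "uri">, <!ENTITY % name ...>
ENTITY_RE = re.compile(
    r"<!ENTITY\s+(?P<param>%\s*)?(?P<name>[\w.:-]+)\s+"
    r"(?:(?P<external>SYSTEM|PUBLIC)|\"(?P<dq>[^\"]*)\"|'(?P<sq>[^']*)')",
    re.S,
)
REF_RE = re.compile(r"&([\w.:-]+);")
BUILTIN = {"lt", "gt", "amp", "quot", "apos"}  # predefined, never expanded from a DTD


class EntityPolicyError(ValueError):
    """Raised when a document violates the entity policy."""


def parse_entities(doc):
    """Return (declared internal entities, document with the DOCTYPE removed)."""
    m = DOCTYPE_RE.search(doc)
    if not m or not m.group("subset"):
        return {}, doc
    entities = {}
    for e in ENTITY_RE.finditer(m.group("subset")):
        name = e.group("name")
        if e.group("external"):
            raise EntityPolicyError(f"external entity '{name}' is not allowed")
        if e.group("param"):
            raise EntityPolicyError(f"parameter entity '{name}' is not allowed")
        entities[name] = e.group("dq") if e.group("dq") is not None else e.group("sq")
    return entities, doc[: m.start()] + doc[m.end():]


def expansion_count(entities, body):
    """Count every entity expansion the body would trigger, transitively."""
    memo = {}

    def cost(name, stack):
        if name in BUILTIN:
            return 0
        if name not in entities:
            raise EntityPolicyError(f"undeclared entity '{name}'")
        if name in stack:
            raise EntityPolicyError(f"recursive entity '{name}'")
        if name in memo:
            return memo[name]
        stack.add(name)
        # One expansion for this reference plus everything its value expands to.
        total = 1 + sum(cost(r, stack) for r in REF_RE.findall(entities[name]))
        stack.remove(name)
        memo[name] = total
        return total

    return sum(cost(r, set()) for r in REF_RE.findall(body))


def safe_parse(doc, allow_entities=False, threshold=3000):
    """Enforce the policy, then parse. Returns (root element, expansion count)."""
    entities, body = parse_entities(doc)
    if entities and not allow_entities:
        raise EntityPolicyError("entity expansion is disabled for this endpoint")
    n = expansion_count(entities, body)
    if n > threshold:
        raise EntityPolicyError(f"{n} entity expansions exceed threshold {threshold}")
    return ET.fromstring(doc), n


def is_rejected(doc, **policy):
    """True if the policy rejects the document (convenience for checks)."""
    try:
        safe_parse(doc, **policy)
        return False
    except EntityPolicyError:
        return True


def many_column_export(n_fields=500):
    """Constructed record export with many columns and no DTD at all."""
    fields = "".join(f"<u_field_{i}>value {i}</u_field_{i}>" for i in range(n_fields))
    return f'<?xml version="1.0"?><unload><incident>{fields}</incident></unload>'


# Constructed sample: three nested internal entities, referenced twice.
# Cost: a = 1, b = 1 + 3*1 = 4, c = 1 + 3*4 = 13, body = 2*13 = 26 expansions.
NESTED_ENTITIES = """<?xml version="1.0"?>
<!DOCTYPE data [
  <!ENTITY a "x">
  <!ENTITY b "&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;">
]>
<data>&c;&c;</data>"""


if __name__ == "__main__":
    print("export, no DTD:", safe_parse(many_column_export())[1], "expansions")
    print("nested, expansion disabled:", is_rejected(NESTED_ENTITIES))
    print("nested, threshold 3000:", safe_parse(NESTED_ENTITIES, allow_entities=True)[1])
    print("nested, threshold 10:", is_rejected(NESTED_ENTITIES, allow_entities=True, threshold=10))
```

Run it and the 500-column export passes with zero expansions, the nested document is rejected when expansion is disabled, accepted at 26 expansions under the 3000 threshold, and rejected under a threshold of 10. The count grows multiplicatively with nesting depth, which is why a cap on expansions (rather than on document size or column count) is the relevant control.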
‎12-14-2023 05:58 AM
Hi @Maik Skoddow, I've read the pages you linked; they really helped and I understand it now. These settings are designed to prevent attacks from the backend, such as in a Scripted REST API when we receive and parse the XML body. It is very helpful, thanks!
‎12-14-2023 06:12 AM
Glad to help!