Commit 99759a8d authored by Neil Graham

Adding a new property,

http://apache.org/xml/properties/security-manager, with
appropriate getSecurityManager/setSecurityManager methods on DOM
and SAX parsers.  Also adding a new SecurityManager class.

The purpose of these modifications is to permit applications a
means to have the parser reject documents whose processing would
otherwise consume large amounts of system resources.  Malicious
use of such documents could be used to launch a denial-of-service
attack against a system running the parser.  Initially, the
SecurityManager only knows about attacks that can result from
exponential entity expansion; this is the only known attack that
involves processing a single XML document.  Other, similar attacks
can be launched if arbitrary schemas may be parsed; there already
exist means (via use of the EntityResolver interface) by which
applications can deny processing of untrusted schemas.  In future,
the SecurityManager will be expanded to take these other exploits
into account.


git-svn-id: https://svn.apache.org/repos/asf/xerces/c/trunk@174904 13f79535-47bb-0310-9956-ffa450edef68
parent de9baa10
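
The commit message describes rejecting documents whose entity expansion would consume excessive resources. The following is an added example, not code from this commit or from Xerces: a self-contained model of a per-document expansion limit. `ExpansionGuard`, `expand`, `acceptsDocument` and the sample entity table are hypothetical names and constructed data, and the parsing handles only `&name;` references.

```cpp
#include <cstddef>
#include <map>
#include <stdexcept>
#include <string>

// Hypothetical stand-in for a parser-side limit; not the Xerces SecurityManager API.
struct ExpansionGuard {
    std::size_t limit;  // maximum entity expansions allowed per document
    std::size_t count;  // expansions performed so far
    explicit ExpansionGuard(std::size_t l) : limit(l), count(0) {}
    void onExpansion() {
        if (++count > limit) throw std::runtime_error("entity expansion limit exceeded");
    }
};

using EntityTable = std::map<std::string, std::string>;

// Expand every &name; reference in text, charging the guard once per expansion.
// Because the guard is charged before recursing, the limit also bounds recursion depth.
std::string expand(const std::string& text, const EntityTable& entities, ExpansionGuard& guard) {
    std::string out;
    std::size_t pos = 0;
    while (pos < text.size()) {
        std::size_t amp = text.find('&', pos);
        std::size_t semi = (amp == std::string::npos) ? amp : text.find(';', amp);
        if (semi == std::string::npos) { out.append(text, pos, std::string::npos); break; }
        out.append(text, pos, amp - pos);
        auto it = entities.find(text.substr(amp + 1, semi - amp - 1));
        if (it == entities.end()) {
            out.append(text, amp, semi - amp + 1);  // unknown reference: keep it literally
        } else {
            guard.onExpansion();
            out += expand(it->second, entities, guard);
        }
        pos = semi + 1;
    }
    return out;
}

// Returns true if the body expands within the limit, false if the document is rejected.
bool acceptsDocument(const std::string& body, const EntityTable& entities, std::size_t limit) {
    ExpansionGuard guard(limit);
    try { expand(body, entities, guard); return true; }
    catch (const std::runtime_error&) { return false; }
}

// Constructed sample: each level references the previous one four times,
// so a single &d; costs 1 + 4 + 16 + 64 = 85 expansions.
EntityTable sampleEntities() {
    return {{"a", "x"}, {"b", "&a;&a;&a;&a;"}, {"c", "&b;&b;&b;&b;"}, {"d", "&c;&c;&c;&c;"}};
}
```

The cost grows by a factor of four per nesting level while the document itself grows by one short declaration, which is why the check counts expansions rather than input size.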