axis-c-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thilina Gunarathne" <>
Subject Re: MTOM and encryption
Date Mon, 03 Dec 2007 14:43:56 GMT
> I do not understand why somebody need to encrypt MTOM
> attachment.
Actually one of the main motivations behind introducing MTOM is the
ability to secure the attachments.

>But when it comes to encryption,
>the serialization of the OM node (before the crypto process), doesn't
>handle this optimization. Thus the image(or binary content) get lost.
In the case of Axis2/Java, OMText.getText() always gives a string
representation of the content. If the content is Binary, it'll
automatically base64 encode it..  Axis2/Java security only needs to
call the OMText.getText(), irrespective of whether it's a binary or
normal text..
This method also conforms to the MTOM spec, as it describes MTOM as
selectively encoding of binary data either as base64 or as XOP MIME


>AFAIU, There is no real value in MTOM message unless MTOM
> receiving endpoint. There is no point eavesdropping MTOM message I
> guess. Please bare with my limited security knowledge.
> thanks,
> Dinesh
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

Thilina Gunarathne  -

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message