axis-c-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaushalye Kapuruge <kausha...@wso2.com>
Subject Re: [Axis2] Rampart callback module security
Date Wed, 22 Nov 2006 05:47:04 GMT
Hi,
The callback mechanism is implemented for users to specify their own 
ways to manage passwords.
Samples in rampart callbacks are just to provide a guide for users to 
write their own callback modules.
You may use a different validation before returning the password. 
Something like validation before extracting the password from a 
database.  These are beyond the scope of rampart. But I'll try to figure 
out a way to overcome your problem. May be to improve the callback 
sample a bit :). And your comments on these are more than welcome
Cheers,
Kaushalye

Dave Meier wrote:
> Hi,
>
> With the callback module that returns the password, is there a good way
> to configure
> the apache server to lock this module down so nobody else can call it?
>
> I'm concerned about it being a security hole.
>
> Thanks,
>
> -Dave.
>
>
> **********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. Any unauthorized review, use, disclosure or distribution is prohibited.
If you are not the intended recipient, please contact the sender by reply e-mail and destroy
all copies of the original message.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>
>
>   


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-user-help@ws.apache.org


Mime
View raw message