axis-c-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaushalye Kapuruge <>
Subject Re: [Axis2] Rampart callback module security
Date Wed, 22 Nov 2006 05:47:04 GMT
The callback mechanism is implemented for users to specify their own 
ways to manage passwords.
Samples in rampart callbacks are just to provide a guide for users to 
write their own callback modules.
You may use a different validation before returning the password. 
Something like validation before extracting the password from a 
database.  These are beyond the scope of rampart. But I'll try to figure 
out a way to overcome your problem. May be to improve the callback 
sample a bit :). And your comments on these are more than welcome

Dave Meier wrote:
> Hi,
> With the callback module that returns the password, is there a good way
> to configure
> the apache server to lock this module down so nobody else can call it?
> I'm concerned about it being a security hole.
> Thanks,
> -Dave.
> **********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. Any unauthorized review, use, disclosure or distribution is prohibited.
If you are not the intended recipient, please contact the sender by reply e-mail and destroy
all copies of the original message.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message