ws-dev mailing list archives

From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Created] (WSS-533) Also use signing key when trying to detect message replay attacks
Date Wed, 15 Apr 2015 10:25:00 GMT
Colm O hEigeartaigh created WSS-533:
---------------------------------------

             Summary: Also use signing key when trying to detect message replay attacks
                 Key: WSS-533
                 URL: https://issues.apache.org/jira/browse/WSS-533
             Project: WSS4J
          Issue Type: Improvement
            Reporter: Colm O hEigeartaigh
            Assignee: Colm O hEigeartaigh
             Fix For: 2.0.4, 1.6.19, 2.1.0



Currently we use the Timestamp created value + signature value as a key to avoid message replay
attacks. However, it's possible that we could have two signatures in the security header that
sign the Timestamp, but with different keys. This task is to add the hashed encoded version
of the key as part of the caching key to allow for this scenario.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org

