Colm O hEigeartaigh created WSS-533:
---------------------------------------
Summary: Also use signing key when trying to detect message replay attacks
Key: WSS-533
URL: https://issues.apache.org/jira/browse/WSS-533
Project: WSS4J
Issue Type: Improvement
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Fix For: 2.0.4, 1.6.19, 2.1.0
Currently we use the Timestamp created value + signature value as a key to avoid message replay
attacks. However, it's possible that we could have two signatures in the security header that
sign the Timestamp, but with different keys. This task is to add the hashed encoded version
of the key as part of the caching key to allow for this scenario.
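The cache-key change described in the issue, as an added example that is not WSS4J's own code: the class ReplayCacheDemo, its in-memory map, the SHA-256/Base64 encoding and the "|" separator are assumptions made for illustration. The sample values are constructed and deliberately reuse one signature value for both keys, so that only the key component of the identifier differs.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class ReplayCacheDemo {
    // Hypothetical in-memory cache (identifier -> expiry); not WSS4J's cache.
    private final Map<String, Instant> seen = new ConcurrentHashMap<>();

    static String hash(byte[] data) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(data);
        return Base64.getEncoder().encodeToString(digest);
    }

    // Timestamp Created + signature value, plus the hashed encoded key if given.
    static String identifier(Instant created, byte[] sigValue, byte[] encodedKey)
            throws Exception {
        String id = created.toEpochMilli() + "|" + hash(sigValue);
        return encodedKey == null ? id : id + "|" + hash(encodedKey);
    }

    // True when the identifier is already cached and unexpired, i.e. a replay.
    boolean isReplay(String id, Instant now, Instant expires) {
        seen.values().removeIf(expiry -> !expiry.isAfter(now)); // drop expired
        return seen.putIfAbsent(id, expires) != null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from a real message.
        Instant created = Instant.parse("2015-01-01T10:00:00Z");
        Instant now = created.plusSeconds(1);
        Instant expires = created.plusSeconds(300);
        byte[] sig = "constructed-signature-value".getBytes(StandardCharsets.UTF_8);
        byte[] keyA = "constructed-encoded-key-A".getBytes(StandardCharsets.UTF_8);
        byte[] keyB = "constructed-encoded-key-B".getBytes(StandardCharsets.UTF_8);
        // Identifier without the key: the second signature hits the same entry.
        ReplayCacheDemo withoutKey = new ReplayCacheDemo();
        withoutKey.isReplay(identifier(created, sig, null), now, expires);
        System.out.println("no key in identifier, second signature rejected: "
            + withoutKey.isReplay(identifier(created, sig, null), now, expires));
        // Identifier with the hashed key: key B gets its own entry, key A repeats.
        ReplayCacheDemo withKey = new ReplayCacheDemo();
        withKey.isReplay(identifier(created, sig, keyA), now, expires);
        System.out.println("key B, same Timestamp, rejected: "
            + withKey.isReplay(identifier(created, sig, keyB), now, expires));
        System.out.println("key A presented again, rejected: "
            + withKey.isReplay(identifier(created, sig, keyA), now, expires));
    }
}
```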