Posted to java-dev@axis.apache.org by Ruchith Fernando <ru...@gmail.com> on 2007/07/11 10:29:55 UTC
Re: [rampart] PolicyBasedResultsValidator
Yes ... this certainly can be improved to check whether we actually
received the parts that we expected or not!
Thanks,
Ruchith
On 6/28/07, Angel Todorov <at...@gmail.com> wrote:
> Hi all,
>
> I've found this piece of code in the
> RampartPolicyBasedResultsValidator.java:
>
> int refCount = 0;
>
> refCount += encryptedParts.size();
>
> if(encrRefs.size() != refCount) {
>     throw new RampartException("invalidNumberOfEncryptedParts",
>             new String[]{Integer.toString(refCount)});
> }
>
>
> How can you be sure that if the number is the same, the parts themselves
> aren't different? This can lead to a big security compromise IMO, maybe I
> am mistaken -:)
>
> Regards,
> Angel
>
--
www.ruchith.org
www.wso2.org
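
Added example, not part of the original thread and not Rampart code: a sketch of the difference between the count comparison quoted above and a check that the parts the policy requires are the ones that were actually encrypted. The class, the method names, the use of qualified names to identify parts, and the sample values are all assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

// Hypothetical illustration; none of these names come from Rampart.
public class EncryptedPartsCheck {

    // Mirrors the quoted check: only the number of references is compared.
    static boolean countOnly(Set<String> expectedParts, List<String> encryptedRefs) {
        return encryptedRefs.size() == expectedParts.size();
    }

    // Stricter check: returns every required part that is absent from the
    // set of parts that were actually found encrypted in the message.
    static Set<String> missingParts(Set<String> expectedParts, List<String> encryptedRefs) {
        Set<String> missing = new TreeSet<String>(expectedParts);
        missing.removeAll(new HashSet<String>(encryptedRefs));
        return missing;
    }

    public static void main(String[] args) {
        // Constructed sample: the policy requires the Body and one header.
        Set<String> expected = new TreeSet<String>(Arrays.asList(
                "{http://schemas.xmlsoap.org/soap/envelope/}Body",
                "{urn:example}AccountHeader"));
        // Constructed sample: two parts were encrypted, but one of them
        // is not the header the policy asked for.
        List<String> received = Arrays.asList(
                "{http://schemas.xmlsoap.org/soap/envelope/}Body",
                "{urn:example}OtherHeader");

        // The counts match (2 == 2), so the count-only check accepts the message.
        System.out.println("count-only check passes: " + countOnly(expected, received));
        // The membership check reports the required header as unprotected.
        System.out.println("missing required parts: " + missingParts(expected, received));
    }
}
```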