Yes ... this certainly can be improved to check whether we actually
received the parts that we expected or not!
Thanks,
Ruchith
On 6/28/07, Angel Todorov <[EMAIL PROTECTED]> wrote:
Hi all,
I've found this piece of code in the
RampartPolicyBasedResultsValidator.java:
    int refCount = 0;
    refCount += encryptedParts.size();
    if(encrRefs.size() != refCount) {
        throw new RampartException("invalidNumberOfEncryptedParts",
                new String[]{Integer.toString(refCount)});
    }
How can you be sure that if the number is the same, the parts themselves
aren't different? This can lead to a big security compromise IMO, maybe I
am mistaken -:)
Regards,
Angel
--
www.ruchith.org
www.wso2.org
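
Added example, not part of the original thread and not Rampart's own code: a sketch of the stricter check discussed above, which compares which parts were encrypted rather than how many. The class name, method names and part identifiers are hypothetical, and parts are modelled as plain "{namespace}localName" strings.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class EncryptedPartsCheck {

    // Count-only comparison, the shape of the check quoted in the thread.
    static boolean countOnlyCheck(List<String> expectedParts, List<String> encryptedRefs) {
        return encryptedRefs.size() == expectedParts.size();
    }

    // Identity comparison: every part the policy requires must appear among
    // the references that were actually encrypted. Returns the missing parts.
    static Set<String> missingParts(List<String> expectedParts, List<String> encryptedRefs) {
        Set<String> missing = new LinkedHashSet<>(expectedParts);
        missing.removeAll(new HashSet<>(encryptedRefs));
        return missing;
    }

    public static void main(String[] args) {
        // Constructed sample data (hypothetical identifiers): the policy
        // requires Body and CardNumber, the message encrypted Body and Comment.
        List<String> expected = Arrays.asList(
                "{http://schemas.xmlsoap.org/soap/envelope/}Body",
                "{http://example.org/pay}CardNumber");
        List<String> received = Arrays.asList(
                "{http://schemas.xmlsoap.org/soap/envelope/}Body",
                "{http://example.org/pay}Comment");

        // Same number of parts, so the count-only check accepts the message.
        System.out.println("count-only check passes: " + countOnlyCheck(expected, received));

        // The identity check rejects it and names the part left in the clear.
        Set<String> missing = missingParts(expected, received);
        System.out.println("identity check passes:   " + missing.isEmpty());
        System.out.println("required but not encrypted: " + missing);
    }
}
```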