Colm O hEigeartaigh created WSS-533:
---------------------------------------
Summary: Also use signing key when trying to detect message replay attacks
Key: WSS-533
URL: https://issues.apache.org/jira/browse/WSS-533
Project: WSS4J
Issue Type: Improvement
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Fix For: 2.0.4, 1.6.19, 2.1.0
Currently we use the Timestamp created value + signature value as a key to
avoid message replay attacks. However, it's possible that we could have two
signatures in the security header that sign the Timestamp, but with different
keys. This task is to add the hashed encoded version of the key as part of the
caching key to allow for this scenario.
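The cache key described in the issue above, sketched as an added example; this is not WSS4J's own code. The class and method names are hypothetical, the sample values are constructed, and SHA-256, Base64 and the "|" separator are assumptions, since the issue does not name a hash or an encoding.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;

public class ReplayCacheKeyDemo {
    // Hypothetical in-memory cache; a real one would also expire old entries.
    private final Set<String> seen = new HashSet<>();

    // Cache key = Timestamp Created + signature value + hash of the encoded signing key.
    // SHA-256 and the "|" separator are assumptions of this example.
    static String cacheKey(String created, byte[] signatureValue, byte[] encodedKey)
            throws NoSuchAlgorithmException {
        byte[] keyHash = MessageDigest.getInstance("SHA-256").digest(encodedKey);
        Base64.Encoder b64 = Base64.getEncoder();
        return created + "|" + b64.encodeToString(signatureValue)
                + "|" + b64.encodeToString(keyHash);
    }

    // Returns true if the key was already cached (a replay); otherwise stores it.
    boolean isReplay(String key) {
        return !seen.add(key);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample values, not taken from a real message. The two
        // entries deliberately share Created and signature value so that only
        // the key component tells them apart.
        String created = "2014-09-01T10:15:30.000Z";
        byte[] sigValue = "constructed-signature-value".getBytes(StandardCharsets.UTF_8);
        byte[] keyA = "constructed-encoded-key-A".getBytes(StandardCharsets.UTF_8);
        byte[] keyB = "constructed-encoded-key-B".getBytes(StandardCharsets.UTF_8);

        ReplayCacheKeyDemo cache = new ReplayCacheKeyDemo();
        // Two signatures over the same Timestamp made with different keys:
        // the key hash keeps their cache entries distinct, so neither is a replay.
        System.out.println(cache.isReplay(cacheKey(created, sigValue, keyA)));
        System.out.println(cache.isReplay(cacheKey(created, sigValue, keyB)));
        // The first message presented a second time is reported as a replay.
        System.out.println(cache.isReplay(cacheKey(created, sigValue, keyA)));
    }
}
```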