[
https://issues.apache.org/jira/browse/RAMPART-42?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12496738
]
Ruchith Udayanga Fernando commented on RAMPART-42:
--------------------------------------------------
Right now the transport binding does not enforce the security required by the
transport token where we expect the transport information and other transport
configuration information has to be given at the axis2 level or enforced at the
axis2 service level.
Ideally we should introduce transport configuration assertions into the
RampartConfig assertion and then we should enforce the presence of those values
in the case where TransportBinding isused.
Thanks,
Ruchith
> TransportBinding does not encrypt the message payload
> -----------------------------------------------------
>
> Key: RAMPART-42
> URL: https://issues.apache.org/jira/browse/RAMPART-42
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.1
> Reporter: Nencho Lupanov
> Fix For: 1.3
>
>
> The transport binding does not secure the message payload.For example, run
> sampe01 of rampart and watch the payload with tcpmon.
> You will be able to see the plain text message - no transport level
> encryption.Note that tcpmon captures messages on tcp level so it should
> capture
> binary encrypted payload.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
