Hi again, Just as a quick follow-up question - this isn't strictly related to Rampart, but I hope the security gurus here will be able to offer some input - since Rampart doesn't enforce transport-level security, what is a good way of enforcing transport-level security in the application?
Would it simply be a matter of examining the endpoint string to see if it defines the https protocol? Regards, Alan. On Nov 1, 2007 5:16 AM, Nandana Mihindukulasooriya <[EMAIL PROTECTED]> wrote: > Hi Allan, > > It's using http. Is there no way enforce https, that is not to send > > the message at all if no https protocol is used? > > > I think your point is valid. I think Rampart should check the incoming > transport if we have a transport binding with https token. Can you > create a jira issue for this ? > > Regards, > Nandana >
