File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes Security hole with Attachments? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Security hole with Attachments?" Watch "Security hole with Attachments?" New topic

Security hole with Attachments?

Doug Lundin

Joined: Nov 20, 2007
Posts: 1
Some years ago I ran across an article that suggested there was a problem securing Web Service xml payloads that have attachments. Don't recall if it was based on encrypting them or what the standard context was.
I'm honestly not even sure it had to do with attachments - perhaps xml payloads in general?
Is this a historical issue or still real?
Of course, SSL can always be used but not sure the overhead penalty is where we can to go.
Any suggestions/thoughts are appreciated.
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
Welcome to JavaRanch.

I'm not sure what the problem is supposed to be; I imagine they might have been talking about the fact that a file (or more generally, binary data) gets created on the server that has slipped by any virus checkers. Especially if it's an SSL connection there's no way to check the file in transit, and even if it's not, I don't think firewalls are SOAP-smart enough to extract the file contents to check it. So one needs to be careful what happens with/to attachments.
jQuery in Action, 3rd edition
subject: Security hole with Attachments?
It's not a secret anymore!