File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes Security hole with Attachments? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Engineering » Security
Bookmark "Security hole with Attachments?" Watch "Security hole with Attachments?" New topic
Author

Security hole with Attachments?

Doug Lundin
Greenhorn

Joined: Nov 20, 2007
Posts: 1
Hello,
Some years ago I ran across an article that suggested there was a problem securing Web Service xml payloads that have attachments. Don't recall if it was based on encrypting them or what the standard context was.
I'm honestly not even sure it had to do with attachments - perhaps xml payloads in general?
Is this a historical issue or still real?
Of course, SSL can always be used but not sure the overhead penalty is where we can to go.
Any suggestions/thoughts are appreciated.
Doug
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42039
    
  64
Welcome to JavaRanch.

I'm not sure what the problem is supposed to be; I imagine they might have been talking about the fact that a file (or more generally, binary data) gets created on the server that has slipped by any virus checkers. Especially if it's an SSL connection there's no way to check the file in transit, and even if it's not, I don't think firewalls are SOAP-smart enough to extract the file contents to check it. So one needs to be careful what happens with/to attachments.


Ping & DNS - my free Android networking tools app
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Security hole with Attachments?