This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Security and the fly likes Security hole with Attachments? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Security hole with Attachments?" Watch "Security hole with Attachments?" New topic
Author

Security hole with Attachments?

Doug Lundin
Greenhorn

Joined: Nov 20, 2007
Posts: 1
Hello,
Some years ago I ran across an article that suggested there was a problem securing Web Service xml payloads that have attachments. Don't recall if it was based on encrypting them or what the standard context was.
I'm honestly not even sure it had to do with attachments - perhaps xml payloads in general?
Is this a historical issue or still real?
Of course, SSL can always be used but not sure the overhead penalty is where we can to go.
Any suggestions/thoughts are appreciated.
Doug
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41150
    
  45
Welcome to JavaRanch.

I'm not sure what the problem is supposed to be; I imagine they might have been talking about the fact that a file (or more generally, binary data) gets created on the server that has slipped by any virus checkers. Especially if it's an SSL connection there's no way to check the file in transit, and even if it's not, I don't think firewalls are SOAP-smart enough to extract the file contents to check it. So one needs to be careful what happens with/to attachments.


Ping & DNS - my free Android networking tools app
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Security hole with Attachments?
 
Similar Threads
webservices vs CORBA
How to avoid special characters while reading xml through java
how to handle ampersand in web service request
soap payload max size and http post
RESTFul web service