[ http://issues.apache.org/jira/browse/AXIS2C-272?page=comments#action_12457843 ] James Clark commented on AXIS2C-272: ------------------------------------
Your solution is inefficient. Apart from inefficiency, it's wrong from a modularity point of view. There's nothing security specific in oxs_buffer. There should be a single byte stream abstraction used throughout the code base, which means it belongs in util not in rampart. A byte stream abstraction is needed because the parser needs to be able to operate directly on the result of the decryption without an additional copy. Using a single array for the entire decrypted result is bad, because you can't stream (i.e. you have to keep all of both the encrypted and decrypted text in memory), and you'll do lots of copies and reallocations. Maybe now is not the right time to fix it, but the issue is not by any stretch of the imagination "resolved". It's really not a good approach for each developer to create their own personal utility libraries in the subsystems they're responsible for. > encryption/decryption should work on streams > -------------------------------------------- > > Key: AXIS2C-272 > URL: http://issues.apache.org/jira/browse/AXIS2C-272 > Project: Axis2-C > Issue Type: Improvement > Components: rampart > Affects Versions: Current (Nightly) > Reporter: James Clark > Assigned To: Malinda Kaushalye Kapuruge > Fix For: Current (Nightly) > > > encryption/decryption should work on streams. > axis2_output_stream_t *create_encryption_stream(..., axis2_output_stream > *encrypted_stream) > Writing output on the returned stream should cause the corresponding binary > (not base64-encoded) encrypted bytes to be written to encrypted_stream. > Similarly, for decryption > axis2_input_stream *create_decryption_stream(..., axis2_input_stream > *encrypted_stream) -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]