Yes ... this certainly can be improved to check whether we actually received the parts that we expected or not!
Thanks,
Ruchith

On 6/28/07, Angel Todorov <[EMAIL PROTECTED]> wrote:
Hi all,

I've found this piece of code in the RampartPolicyBasedResultsValidator.java:

    int refCount = 0;
    refCount += encryptedParts.size();
    if(encrRefs.size() != refCount) {
        throw new RampartException("invalidNumberOfEncryptedParts", new String[]{Integer.toString(refCount)});
    }

How can you be sure that if the number is the same, the parts themselves aren't different? This can lead to a big security compromise IMO, maybe I am mistaken -:)

Regards,
Angel
--
www.ruchith.org
www.wso2.org
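
An added example (not from the thread or from Rampart's code) of the gap raised above: a count comparison passes when a message encrypts the same number of elements as the policy requires but different ones, while comparing by element name reports what is missing. The class, the method names and the representation of parts as qualified-name strings are assumptions for illustration.

```java
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

// Added illustration; all names here are hypothetical, not Rampart's API.
public class EncryptedPartsCheck {

    // Count-only check, the same shape as the snippet quoted in the thread.
    static boolean countOnly(Set<String> required, List<String> encryptedRefs) {
        return encryptedRefs.size() == required.size();
    }

    // Stricter check: every part the policy requires must be among the
    // elements that were actually encrypted. Returns the parts that are not.
    static Set<String> missingParts(Set<String> required, List<String> encryptedRefs) {
        Set<String> missing = new TreeSet<>(required);
        missing.removeAll(new HashSet<>(encryptedRefs));
        return missing;
    }

    public static void main(String[] args) {
        // Constructed sample data: qualified names written as "{namespace}local".
        Set<String> required = Set.of(
                "{http://schemas.xmlsoap.org/soap/envelope/}Body",
                "{urn:example}AccountId");

        // The message encrypts two elements, but not the two the policy asks for.
        List<String> received = List.of(
                "{urn:example}Comment",
                "{urn:example}Timestamp");

        // The counts match, so the count-only check accepts the message.
        System.out.println("count-only passes: " + countOnly(required, received));

        // The name-based check shows both required parts arrived unencrypted.
        Set<String> missing = missingParts(required, received);
        System.out.println("missing parts: " + missing);
        if (!missing.isEmpty()) {
            System.out.println("reject: required parts not encrypted");
        }
    }
}
```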