Normally we send UsernameTokens with plain text passwords using HTTPS
Thanks, Ruchith On 3/19/07, Rich Adili <[EMAIL PROTECTED]> wrote:
I'm new to Web services so I'm learning as I bumble along. The code below signs the document correctly so that part's working. It just seems to me that passwords should never be cleartext. What does one normally do in this case, use HTTPS? -----Original Message----- From: Ruchith Fernando [mailto:[EMAIL PROTECTED] Sent: Sunday, March 18, 2007 11:58 PM To: axis-user@ws.apache.org Subject: Re: .NET passwords Hi, Can you please explain how the message should be secured? Do you want to sign the message with a key generated from the UsernameToken? Thanks, Ruchith On 3/14/07, Rich Adili <[EMAIL PROTECTED]> wrote: > What is the proper way to get a client to hash a password so that a .NET > server will accept it? The following produces cleartext (Axis2, v1.1.1): > > <module ref="rampart-1.1"/> > <parameter name="OutflowSecurity"> > <action> > <items>UsernameTokenSignature Timestamp</items> > <passwordType>PasswordDigest</passwordType> > </action> > </parameter> > > [Rich Adili] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- www.ruchith.org www.wso2.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- www.ruchith.org www.wso2.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
