Hi All,

Following is the diagram given by ESB about how it provides integrity for a service. (Securing a service using basic scenario No. 3)

[image: Inline image 1]

According to the diagram, the client uses a generated symmetric key to sign the message, encrypts the used key using the server's public key and sends it along with the message. But I cannot understand how this provides integrity. As I see it, someone can intercept the message sent by the client, alter the message, generate a new symmetric key, sign the altered message using this key, encrypt the key using the server's public key and send it along with the message without a problem. Since the original message is now altered, there's no integrity.

Can somebody please explain what I have gotten wrong?

Thanks

--
Lahiru Chandima
*Senior Software Engineer*
Mobile : +94 (0) 772 253283
[email protected]
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
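The construction described in the message above, modelled as an added example that is not part of the original post and is not WSO2 ESB code: it shows which changes the server-side check detects and which it does not. Assumptions: toy unpadded RSA with constructed parameters (not secure) stands in for the server's key pair, HMAC-SHA256 stands in for the symmetric signature, and `server_verify_bound` with a pre-registered client key is a hypothetical alternative included only for comparison.

```python
import hashlib, hmac, secrets

# Toy unpadded RSA standing in for the server key pair (constructed, NOT secure).
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q                            # server public modulus
D = pow(E, -1, (P - 1) * (Q - 1))    # server private exponent

def mac(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()

def client_send(body: bytes) -> dict:
    """Sender procedure from the post: fresh key, sign, wrap key for the server."""
    key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(key, "big"), E, N)  # needs only the public key
    return {"body": body, "sig": mac(key, body), "wrapped_key": wrapped}

def server_verify(msg: dict) -> bool:
    """Unwrap the key carried in the message and check the signature with it."""
    key = pow(msg["wrapped_key"], D, N).to_bytes(16, "big")
    return hmac.compare_digest(mac(key, msg["body"]), msg["sig"])

def server_verify_bound(msg: dict, registered_key: bytes) -> bool:
    """Hypothetical alternative: check against a key already tied to the client."""
    return hmac.compare_digest(mac(registered_key, msg["body"]), msg["sig"])

def demo() -> dict:
    original = client_send(b"transfer 10 to alice")
    # Body changed in transit, signature and wrapped key left untouched.
    edited = dict(original, body=b"transfer 99 to alice")
    # Whole message regenerated by someone else using the same sender procedure.
    regenerated = client_send(b"transfer 99 to alice")
    # Comparison case: the server knows the client's key before any message.
    registered = secrets.token_bytes(16)
    genuine = {"body": b"transfer 10 to alice"}
    genuine["sig"] = mac(registered, genuine["body"])
    return {
        "original": server_verify(original),
        "edited_in_transit": server_verify(edited),
        "regenerated": server_verify(regenerated),
        "bound_genuine": server_verify_bound(genuine, registered),
        "bound_regenerated": server_verify_bound(regenerated, registered),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:20} accepted={accepted}")
```

The check ties the body to whichever key travels with the message, so an edit that leaves the signature alone is rejected while a fully regenerated message is accepted; it is rejected only when the verification key is one the server already associates with the sender.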
