[jira] Created: (RAMPART-108) Policy Validator doesn't check the transport when Transport binding is used with HttpsToken

Nandana Mihindukulasooriya (JIRA) Fri, 09 Nov 2007 00:03:15 -0800

Policy Validator doesn't check the transport when Transport binding is used 
with HttpsToken 
--------------------------------------------------------------------------------------------


                 Key: RAMPART-108
                 URL: https://issues.apache.org/jira/browse/RAMPART-108
             Project: Rampart
          Issue Type: Bug
            Reporter: Nandana Mihindukulasooriya
            Assignee: Nandana Mihindukulasooriya


When a transport security binding is used wih HttpsToken, PolicyBasedValidator 
doesn't check whether the incoming transport was HTTPS.  This allows a service 
to be accessed via HTTP ( violating the policy), if a HTTP endpoint is 
available.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Created: (RAMPART-108) Policy Validator doesn't check the transport when Transport binding is used with HttpsToken

Reply via email to