On Fri, 24 Aug 2001, Nic Ferrier wrote:
| On Fri, Aug 24, 2001 at 11:53:40AM -0400, Mike Marchywka wrote:
| > Could you use some of the Java Cryptography(JCE) stuff over normal HTTP?
| > I'm not sure of the specifics of your situation but this may be an
| > option.
|
| Anything like that would be vulnerable to replay attacks.
Not, not if you shove in a random number, supplied from the server.
Encryot your reply with this random number, and you cannot replay that
anymore.
--
Mvh,
Endre
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
