axis-c-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thilina Gunarathne" <cset...@gmail.com>
Subject Re: MTOM and encryption
Date Mon, 03 Dec 2007 14:43:56 GMT
> I do not understand why somebody need to encrypt MTOM
> attachment.
Actually one of the main motivations behind introducing MTOM is the
ability to secure the attachments.

>But when it comes to encryption,
>the serialization of the OM node (before the crypto process), doesn't
>handle this optimization. Thus the image(or binary content) get lost.
In the case of Axis2/Java, OMText.getText() always gives a string
representation of the content. If the content is Binary, it'll
automatically base64 encode it..  Axis2/Java security only needs to
call the OMText.getText(), irrespective of whether it's a binary or
normal text..
This method also conforms to the MTOM spec, as it describes MTOM as
selectively encoding of binary data either as base64 or as XOP MIME
attachments.

thanks,
Thilina

>AFAIU, There is no real value in MTOM message unless MTOM
> receiving endpoint. There is no point eavesdropping MTOM message I
> guess. Please bare with my limited security knowledge.
>
> thanks,
> Dinesh
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-dev-help@ws.apache.org
>
>



-- 
Thilina Gunarathne  - http://thilinag.blogspot.com

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org


Mime
View raw message