Re: xml over https

From: Mads Rasmussen (mads_at_opencs.com.br)
Date: 02/10/05

  • Next message: John R. Morris: "Re: books or material on mail protocols"
    Date: Thu, 10 Feb 2005 10:25:11 -0300
    To: vuln-dev@securityfocus.com
    
    

    Burke, Charles wrote:

    >This web services was not using WS Security was it?
    >I am assuming the xml encryption was custom or was it provided by WSE?
    >
    >
    No WS security, not even webservices ;-)
    Just simple encryption (a .dll doing 3des encryption) of specific XML
    fields in an XML file, transported between the client and the server via
    https
    No encryption mode, that is ECB basically.

    As I said, I did a small application calling their routine to decrypt
    the fields without specifying the key.

    Mads


  • Next message: John R. Morris: "Re: books or material on mail protocols"