[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [wss] Recently discover WSS security threat
Duane Nickull <dnickull@adobe.com> wrote on 06/06/2005 07:08:44 PM: > I am a bit confused by this thread. I think we all are ;-) > If an application encounters > ... > <my:header> > <my:integer>33</my:integer> > </my:header> > > all it can see is 33 as the node content, not 32. That is representative > of the current state of the fragment. Part of signature verification involves applying a set of transform algorithms. Typically these are used for canonicalization or, in the case of XPath, for selection of a subset of the fragment. Thomas is pointing out in his example that a tranform can do more than canonicalize or select, but can alter the value. > To me the conversation is moot. I cannot sing something I cannot see nor > should I. Did I miss something? You didn't miss anything. I think Thomas's example unfortunately obscures his real intent. I think he wants to use the XPath expression to filter the set of information that is passed to the application after signature processing.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]