Martin Kulov's Blog
VSTS, Oslo, INETA, ASP.NET, Debugging .NET Applications, Tips and Tricks
January 18, 2005
WSE send encrypted password
William Stacey points out one major problem with the SendHashed and SendNone options: both are vulnerable to a dictionary attack. While he offers to present a solution using a custom UsernameTokenManager and the Crypto API, I would recommend that you implement SecureConversation and use the SendPlainText option. This way your calls can be automatically authorized depending on their group membership. The only drawback is that you must have a server certificate, but you can always generate one with the makecert.exe utility.
posted by Martin Kulov @ 7:24 PM
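To show why a hashed password alone does not protect the token, here is an added example (not code from the original post or from WSE) that models the WS-Security UsernameToken digest, Base64(SHA-1(nonce + created + password)), and the checks a server would run on it. The function names, the dictionary layout of the token and the sample values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

def password_digest(nonce_b64, created, password):
    """Base64(SHA-1(nonce + created + password)), as in the UsernameToken Profile."""
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")

def make_token(username, password, nonce, created):
    """Client side: what a digest-mode token puts on the wire (no password field)."""
    nonce_b64 = base64.b64encode(nonce).decode("ascii")
    return {"username": username, "nonce": nonce_b64, "created": created,
            "digest": password_digest(nonce_b64, created, password)}

def verify_token(token, stored_password, now, seen_nonces,
                 max_age=timedelta(minutes=5)):
    """Server side: freshness, then replay, then digest. Returns a status string."""
    created = datetime.strptime(token["created"], "%Y-%m-%dT%H:%M:%SZ")
    created = created.replace(tzinfo=timezone.utc)
    if abs(now - created) > max_age:
        return "stale"
    if token["nonce"] in seen_nonces:
        return "replayed"
    # The server must hold the password itself (or an equivalent) to recompute this.
    # Nothing else is secret: nonce and created arrive in the same message, so
    # freshness and replay checks do not limit offline testing of password guesses.
    expected = password_digest(token["nonce"], token["created"], stored_password)
    if not hmac.compare_digest(expected, token["digest"]):
        return "bad-password"
    seen_nonces.add(token["nonce"])  # remember only nonces from accepted tokens
    return "ok"

if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    now = datetime(2005, 1, 18, 19, 25, tzinfo=timezone.utc)
    tok = make_token("alice", "S3cret!", b"0123456789abcdef", "2005-01-18T19:24:00Z")
    seen = set()
    print(verify_token(tok, "S3cret!", now, seen))   # first delivery
    print(verify_token(tok, "S3cret!", now, seen))   # same message again
```

Because the digest depends only on values carried in the message plus the password, its resistance to guessing is the strength of the password; encrypting the exchange, as the post recommends, keeps the token away from observers altogether.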
Copyright © 2004-2008 CodeAttest Ltd. All Rights Reserved.