Martin Kulov's Blog
VSTS, Oslo, INETA, ASP.NET, Debugging .NET Applications, Tips and Tricks
February 22, 2005
WSE Policy Advisor
Microsoft
released
WSE Policy Advisor
- a tool for checking policy correctness. It is called the FxCop tool for web services.
Sample output from the report:
Alarm: Test root certificates are allowed.
Risk: Any usage of X.509 certificates for signing or encrypting is unsafe. An active attacker can generate valid test certificates, then for instance use these certificates to sign any message.
Advice: Do not use test keys in production: set the attribute allowTestRoot="false" in the
element of the WSE configuration file.
#
posted by Martin Kulov @ 2:17 AM
Comments
|
Trackback
<< Home
Calendar
RSS
Martin Kulov's Facebook profile
Recent posts
When you are geek
SHA-1 broken
Enterprise Library Webcasts
Overview of Indigo Architecture
Google Maps totally rocks
To tier or not to tier
Enterprise Library download
.NET Interoperability and SQL 2005 Express
Stacey finds the missing piece in WSE
MTOM is W3C Recommendation
History
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
June 2008
July 2008
August 2008
October 2008
Copyright © 2004-2008 CodeAttest Ltd. All Rights Reserved.