Description: |
Naive use of XML Signature may result in signed documents remaining vulnerable to undetected modification by an adversary. In the typical usage of XML Signature to protect SOAP messages, an adversary may be capable of modifying valid messages in order to gain unauthorized access to protected resources. This paper describes the general vulnerability and several related exploits, and proposes appropriate countermeasures. While the attacks described herein may seem obvious to security experts once they are explained, effective countermeasures require careful security policy specification and correct implementation by signed message providers and consumers. Since these implementers are not always security experts, this paper provides the guidance necessary to prevent these attacks. |