[ebxmlms-general] spoofing to parties

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi-

One question, one heads up.

The question:=20

Is it possible to easily acertain the MSH that sent an ebxml message =
aside from the <From><PartyId> element in the message itself to confirm =
that the 'from' party hasn't been spoofed?  i.e., does the Request =
object ever get and store the URL of the MSH that sent the message using =
Socket.getInetAddress() or similar?  This might be a useful feature =
otherwise.

The heads up:=20

The call to onMessage() in =
hk.hky.cecid.phoenix.message.handler.Request.run() (~line 288) is =
wrapped in a blanket "catch" statement that doesn't seem to report the =
errors it catches to any log. This makes it arbitrarily hard to know if =
something has gone wrong in any code that implements the MessageListener =
interface because if an exception occurs that you don't explicitly catch =
in your implementation of the interface, you'll never know it.

B

=3D=3D
Brad Geilfuss
Sierra Systems
400 N. Continental Blvd., Suite 300
El Segundo, CA 90245
www.SierraSystems.com