RE: [ebxmlms-general] spoofing to parties

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

I don't think the sendig url is important. If security is needed,
transport authentication should take place and to prevent spoofing, a
transport authentication should be verified/checked against
message-authentication (signature?)

I'm working out such a mechanism (ldap based, but if it becomes a 'hook'
other implementations (file based?) could be implemented as well).

Ronald

> -----Oorspronkelijk bericht-----
> Van: Geilfuss, Brad [mailto:Bra...@Si...]
> Verzonden: woensdag 16 juli 2003 1:38
> Aan: ebx...@li...
> Onderwerp: [ebxmlms-general] spoofing to parties
> 
> 
> Hi-
> 
> One question, one heads up.
> 
> The question: 
> 
> Is it possible to easily acertain the MSH that sent an ebxml 
> message aside from the <From><PartyId> element in the message 
> itself to confirm that the 'from' party hasn't been spoofed?  
> i.e., does the Request object ever get and store the URL of 
> the MSH that sent the message using Socket.getInetAddress() 
> or similar?  This might be a useful feature otherwise.
> 
> 
> The heads up: 
> 
> The call to onMessage() in 
> hk.hky.cecid.phoenix.message.handler.Request.run() (~line 
> 288) is wrapped in a blanket "catch" statement that doesn't 
> seem to report the errors it catches to any log. This makes 
> it arbitrarily hard to know if something has gone wrong in 
> any code that implements the MessageListener interface 
> because if an exception occurs that you don't explicitly 
> catch in your implementation of the interface, you'll never know it.
> 
> B
> 
> ==
> Brad Geilfuss
> Sierra Systems
> 400 N. Continental Blvd., Suite 300
> El Segundo, CA 90245
> www.SierraSystems.com
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: VM Ware
> With VMware you can run multiple operating systems on a 
> single machine.
> WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual 
> machines at the
> same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
> _______________________________________________
> ebxmlms-general mailing list
> ebx...@li...
> https://lists.sourceforge.net/lists/listinfo/ebxmlms-general
> 