FW: AGTk Security
Ivan R. Judson
judson at mcs.anl.gov
Sun Aug 15 12:01:57 CDT 2004
This is something we should consider critical to address before 2.3 is
released.
--Ivan
-----Original Message-----
From: Todd Zimmerman [mailto:toddz at sfu.ca]
Sent: Monday, August 09, 2004 12:50 PM
To: Ivan R. Judson
Cc: Thomas D. Uram; Brian Corrie
Subject: AGTk Security
Hi Ivan,
I'm attempting to set up a secure venue for our VenueServer, and thought I'd
do some packet captures to confirm the security. To my surprise, I saw the
encryption key in the captures (nicely XML labeled as such to
boot!):
<encryptionKey xsi:type="xsd:string" id="i23"
SOAP-ENC:root="0">71549166</encryptionKey>
I've attached the captured packet as a text file. These were captured using
Ethereal, so they are 'straight off the wire'. I can send the entire
capture if you like....
Shouldn't the encryption key be encrypted - or is there something I am
missing here?
Thanks for your help...
Todd
--
Collaboration & Visualization Technician WestGrid - www.westgrid.ca IRMACS -
www.irmacs.com Ph. 604.268.6979 Todd Zimmerman - toddz at sfu.ca
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: encryption-cap.txt
URL: <http://lists.mcs.anl.gov/pipermail/ag-dev/attachments/20040815/24e08a89/attachment.txt>
More information about the ag-dev
mailing list