15.5 Encryption Security Considerations
| This section discusses some special security considerations in XML Encryption. 15.5.1 Combining XMLDSIG and XML EncryptionSpecial considerations apply when you use both authentication and confidentiality together. Refer to Chapter 16 for more details. 15.5.2 Information RevealedAs discussed in Chapter 2, when you share a symmetric key amongst multiple recipients, you can safely use that key only for data intended for all recipients. That is, any recipient not sent the data might intercept the information and decrypt it. Application designers should not reveal any information in parameters or algorithm identifiers (e.g., in plain text URIs) that weakens the encryption or tends to compromise the plain text. 15.5.3 Care with Algorithms and ExpressionsTake care when executing or interpreting algorithms, executable content such as XSLT stylesheets, or even XPath expressions. Such actions can consume unacceptable amounts of time, memory, or other resources, cause errors, or, in the worst case, release viruses or other malware. Some clients may be unable to decrypt even properly encrypted material that has been correctly encoded into XML because of algorithms or other optional capabilities they do not implement, URIs they cannot or will not dereference, insufficient resources, policy, or other reasons. Stick to the simplest options, preferably those whose implementation is mandatory or at least recommended, to ensure the widest interoperability for your applications. |
EAN: 2147483647
Pages: 186
- Measuring and Managing E-Business Initiatives Through the Balanced Scorecard
- Measuring ROI in E-Commerce Applications: Analysis to Action
- Technical Issues Related to IT Governance Tactics: Product Metrics, Measurements and Process Control
- The Evolution of IT Governance at NB Power
- Governance Structures for IT in the Health Care Industry