The following sections describe replay attacks and expand on how timestamps can be used to mitigate these attacks in WS-Security.
How can replay attacks be harmful?
...
Because the timestamp is verified consistently at the Rampart level, considering both created and expires, validation at the WSS4J level is disabled by default, with timestampstrict set to false.
Other ways to avoid replay attacks
...
According to the above validation logic, the Timestamp is considered valid during the time period:
...
This means replay attacks made during that period go undetected unless another mechanism is adopted to detect and prevent them. Some other mechanisms to avoid replay attacks are:
...
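The gap described above, as an added example that is not Rampart or WSS4J code: a timestamp check on created and expires accepts a copy of a message replayed inside the validity window, while a cache of already-seen message identifiers rejects it. The skew allowance, the `msg_id` field, and the function and class names are assumptions for illustration, and the duplicate cache is one common approach, not necessarily one of the mechanisms this page lists.

```python
from datetime import datetime, timedelta, timezone

# Assumed clock-skew allowance; not a value taken from the page.
MAX_SKEW = timedelta(seconds=300)


def timestamp_valid(created, expires, now, skew=MAX_SKEW):
    """Check both created and expires: reject future-dated or expired messages."""
    if expires <= created:
        return False
    return created - skew <= now < expires + skew


class ReplayGuard:
    """Timestamp check plus a cache of identifiers seen inside their validity window."""

    def __init__(self, skew=MAX_SKEW):
        self.skew = skew
        self.seen = {}  # msg_id -> moment after which the timestamp check rejects it anyway

    def accept(self, msg_id, created, expires, now):
        # Evict entries whose window has closed, so the cache stays bounded.
        self.seen = {k: v for k, v in self.seen.items() if v > now}
        if not timestamp_valid(created, expires, now, self.skew):
            return "rejected: timestamp"
        if msg_id in self.seen:
            return "rejected: replay"
        self.seen[msg_id] = expires + self.skew
        return "accepted"


# Constructed sample message: created at T0, expires five minutes later.
T0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
CREATED, EXPIRES = T0, T0 + timedelta(minutes=5)


def demo():
    guard = ReplayGuard()
    return [
        # Timestamp-only validation: original and in-window replay both pass.
        timestamp_valid(CREATED, EXPIRES, T0 + timedelta(seconds=10)),
        timestamp_valid(CREATED, EXPIRES, T0 + timedelta(seconds=90)),
        # With the duplicate cache: the in-window replay is caught.
        guard.accept("msg-1", CREATED, EXPIRES, T0 + timedelta(seconds=10)),
        guard.accept("msg-1", CREATED, EXPIRES, T0 + timedelta(seconds=90)),
        # After the window closes, the timestamp check alone is enough.
        guard.accept("msg-1", CREATED, EXPIRES, T0 + timedelta(minutes=11)),
    ]


if __name__ == "__main__":
    print(demo())
```

Cache entries only need to live as long as the timestamp window plus skew, which is why a short expires value keeps the cache small.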