About Question enthuware.ocejws.v6.2.217 :

Moderators: Site Manager, fjwalraven

Post Reply
disznoperzselo
Posts: 28
Joined: Fri Jan 02, 2015 12:13 pm
Contact:

About Question enthuware.ocejws.v6.2.217 :

Post by disznoperzselo » Thu Dec 31, 2015 3:49 pm

I think that specifying CONFIDENTIAL transport guarantee is not enough in this case.
We should specify INTEGRAL because the application requires that the data be sent between client and server in such a way that it cannot be changed in transit i.e. the integrity of the communication is maintained thoughout.

Source: https://docs.oracle.com/cd/E19798-01/82 ... xterm-1464

Altough In practice, Java EE servers treat the CONFIDENTIAL and INTEGRAL transport guarantee values identically..

fjwalraven
Posts: 429
Joined: Tue Jul 24, 2012 2:43 am
Contact:

Re: About Question enthuware.ocejws.v6.2.217 :

Post by fjwalraven » Mon Jan 04, 2016 1:38 am

Actually, it is the other way around.

CONFIDENTIAL is stronger than INTEGRAL. Both requirements can be solved by using SSL encryption algorithms. The weaker the encryption algorithm, the easier it is to crack it and break the CONFIDENTIAL requirement (when the integrity requirement is still fulfilled).

Regards,
Frits

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest