波鸿鲁尔大学专家在2009年发表的研究论文中阐述道:“包装攻击旨在向信息结构中注入一个伪造的元素,在应用逻辑处理伪造元素的同时,有效签名可以覆盖未改过的元素。
Wrapping attacks aim at injecting a faked element into the message structure so that a valid signature covers the unmodified element while the faked one is processed by the application logic.
她竞选活动的其它失策已经要被包装成受到了人身攻击。
Her campaign's other error has been to make personal attacks.
攻击采用了一种在XML签名包装或XML重写中认出的技术,它2005年就为人所知,并利用了网络服务验证签名需求的弱点。
The attack USES a technique, known at XML signature wrapping or XML rewriting, that has been known since 2005 and exploits a weakness in the way Web services validate signed requests.
应用推荐