Web service security – Threats and Countermeasures – Part 2 : Message Replay Protection


  • Messages may traverse untrusted intermediaries on an insecure network, any of which could capture a message and resend it to the service.
  • A replayed message will often cause data inconsistencies (this is especially true of update operations).


  • Limited support for preventing replayed messages.
  • Many replay caches do not support web farms, meaning that a replayed message could be sent to a different server in the farm and defeat an in-memory replay cache.
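
The web-farm problem in the last point, as an added example that is not part of the original post: the same captured message is delivered to a second node, once with per-node in-memory replay caches and once with a cache every node consults. It assumes each message carries a unique ID and a creation timestamp that are both covered by the message signature; all class, function and field names are hypothetical, and the shared cache is a single in-process object standing in for an external store.

```python
# Added example: replay cache behaviour in a web farm (all names hypothetical).
class ReplayCache:
    """Remembers message IDs for as long as their timestamp would still be accepted."""

    def __init__(self, window=300):
        self.window = window      # freshness window in seconds
        self.seen = {}            # message id -> time after which the entry can be dropped

    def accept(self, msg_id, created, now):
        """Return True only for a fresh message whose ID has not been seen."""
        if abs(now - created) > self.window:
            return False          # stale or future-dated: rejected on timestamp alone
        # Drop entries whose messages would now fail the freshness check anyway.
        self.seen = {m: exp for m, exp in self.seen.items() if exp >= now}
        if msg_id in self.seen:
            return False          # replay inside the window
        self.seen[msg_id] = created + self.window
        return True


class Server:
    """One farm node; applies an update only if its replay cache accepts the message."""

    def __init__(self, cache):
        self.cache = cache
        self.applied = 0

    def handle(self, msg, now):
        if self.cache.accept(msg["id"], msg["created"], now):
            self.applied += 1
            return "applied"
        return "rejected"


def replay_across_farm(shared):
    """Send a message to node A, then the captured copy to node B."""
    store = ReplayCache()
    # shared=True stands in for an external store (database or distributed cache)
    # that every node consults; shared=False is one in-memory cache per node.
    node_a = Server(store if shared else ReplayCache())
    node_b = Server(store if shared else ReplayCache())
    msg = {"id": "msg-0001", "created": 1000, "op": "debit", "amount": 50}  # constructed sample
    return node_a.handle(msg, now=1010), node_b.handle(msg, now=1020)


if __name__ == "__main__":
    print("per-node caches:", replay_across_farm(shared=False))
    print("shared cache:   ", replay_across_farm(shared=True))
```

In a real farm the shared store must make the check-and-insert a single atomic operation, otherwise two nodes receiving the same message at the same moment can both accept it.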



