ravthan / all-eyes

Automatically exported from code.google.com/p/all-eyes

Still Replay attack is possible #87

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
'ae' daemon should check for the action messages from the SSL client to check 
whether an action has already been requested based on message-id and the 
monitor name (2 letter code) comparison.

To do this, 'ae' daemon should cache the messages sent to SSL client and age 
them; if an event message sent to the SSL client is aged, then remove it from 
the cache.  If the received action message is not in cache because it has aged 
or that action has already been performed, then it should drop the action 
message and drop that SSL connection.

This is a known problem,
ravi.

Original issue reported on code.google.com by ravt...@gmail.com on 20 Nov 2012 at 1:54

GoogleCodeExporter commented 8 years ago
The problem is all the monitors don't have consistent timestamps.  Hence aging 
them is an issue.  This problem should be fixed in conjunction with fixing the 
timer in msgID of monitors,
ravi.

Original comment by ravt...@gmail.com on 20 Nov 2012 at 3:31

GoogleCodeExporter commented 8 years ago

Original comment by ravt...@gmail.com on 20 Nov 2012 at 2:59

GoogleCodeExporter commented 8 years ago

Original comment by ravt...@gmail.com on 20 Nov 2012 at 3:50

GoogleCodeExporter commented 8 years ago
Put in the code to fix this.  Once 'ae' daemon receives the message, it deletes 
it from the cache,
ravi.

r960.

Original comment by ravt...@gmail.com on 21 Nov 2012 at 1:41

GoogleCodeExporter commented 8 years ago
Verified with unit testing

Original comment by tbrt....@gmail.com on 9 Dec 2012 at 9:24
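The replay check described in the issue and in the r960 comment can be sketched as follows. This is an added example, not code from the all-eyes repository: the function names, cache size, message-id length and 30-second lifetime are assumptions, and entries are aged on the daemon's own clock at send time so that inconsistent monitor timestamps do not matter.

```c
#include <string.h>
#include <time.h>

#define CACHE_SLOTS  64   /* assumed capacity */
#define MAX_AGE_SECS 30   /* assumed lifetime of a pending event */
#define MSGID_LEN    32   /* assumed maximum message-id length */

struct pending {
    int used;
    char monitor[3];          /* 2-letter monitor code + NUL */
    char msgid[MSGID_LEN];
    time_t sent;              /* daemon's clock, not the monitor's */
};

static struct pending cache[CACHE_SLOTS];

/* Drop entries older than MAX_AGE_SECS, measured on the daemon's clock. */
static void expire(time_t now) {
    for (int i = 0; i < CACHE_SLOTS; i++)
        if (cache[i].used && now - cache[i].sent > MAX_AGE_SECS)
            cache[i].used = 0;
}

/* Record an event message as it is sent to the SSL client.
 * Returns 0 on success, -1 on malformed input or a full cache. */
int remember_event(const char *monitor, const char *msgid, time_t now) {
    if (strlen(monitor) != 2 || strlen(msgid) >= MSGID_LEN) return -1;
    expire(now);
    for (int i = 0; i < CACHE_SLOTS; i++) {
        if (cache[i].used) continue;
        cache[i].used = 1;
        strcpy(cache[i].monitor, monitor);
        strcpy(cache[i].msgid, msgid);
        cache[i].sent = now;
        return 0;
    }
    return -1;
}

/* Check an action message from the SSL client. Returns 1 to perform the
 * action (the entry is consumed, so a replay of it fails), 0 to drop the
 * message and close the SSL connection. */
int accept_action(const char *monitor, const char *msgid, time_t now) {
    expire(now);
    for (int i = 0; i < CACHE_SLOTS; i++)
        if (cache[i].used && strcmp(cache[i].monitor, monitor) == 0 &&
            strcmp(cache[i].msgid, msgid) == 0) {
            cache[i].used = 0;
            return 1;
        }
    return 0;
}
```

A caller that gets 0 from `accept_action` drops both the message and the connection, as the issue proposes; a full cache is treated as a send failure rather than evicting a live entry.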