5.1.3 ServerSoap (GetLicensorCertificate) Security Considerations

The ServerSoap (GetLicensorCertificate) port type does not communicate any sensitive information. However, it is strongly recommended that communication be done over HTTPS instead of HTTP to mitigate any man-in-the-middle attacks. If launched successfully, such an attack could allow an untrustworthy server to be registered as a trusted RAC provider for a subordinate RMS server. Properly configured Secure Sockets Layer (SSL) is the recommended mitigation.

Because the ServerSoap (GetLicensorCertificate) port type generally does not require intensive processing by the responding server, it is not a significant target for denial-of-service attacks. However, the impact of such attacks can be further reduced by requiring authentication.