The purpose of By-reference is to swap the original message with surrogate data.

The surrogate data could be referenced to the original message later but typically only by the original system in which created the original reference.

By-reference does not contain anything that is related to the original data and therefore, other than Replay attack is considered secure.

A CSRF Token included in a Transport-layer Security Mechanism session SHOULD prevent any replay attack

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-5) was last changed on 20-Aug-2016 12:34 by jim