Web Services Security

 
Pradeep Sahoo
Ranch Hand
Posts: 46
I am not sure if I should post this question here or instead in the Security Forum. However, I decided to post it here!
I am using a Web Services architecture within my application, meaning that I have not exposed my web services to the Internet. Do I need to worry about Web Services security, the whole stuff of using XML Signatures, Encryption, etc.?
In addition, I do not think I need to have SSL for this either.
Please suggest.
Thanks in advance,
Pradeep
 
Rakesh Garishakurthi
Greenhorn
Posts: 4
Hi,
In my view, it is a must if necessary. Meaning, if you do not want your data to be viewed by eavesdroppers or any unintended person, you have to encrypt the XML payload over HTTP. Because any non-binary data in SOAP is sent as XML, any simple TCP tunneler tool could nicely display human-readable XML. Passwords are no exception, even if you are using basic HTTP authentication.
Hence, I suggest you use at least a simple custom encoding scheme to keep your data genuine.
I welcome your comments.
Thanks,
Rakesh.
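
The point in the reply above, that a SOAP request over plain HTTP is readable XML and that HTTP Basic credentials travel with it, shown as an added example that is not part of the original thread. The request bytes, host name, account and payload are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample: one SOAP request as it would appear on the wire over
# plain HTTP. Host, user, password and payload are invented for illustration.
SAMPLE_REQUEST = (
    b"POST /services/Payroll HTTP/1.1\r\n"
    b"Host: app.internal.example\r\n"
    b"Content-Type: text/xml; charset=utf-8\r\n"
    b"Authorization: Basic " + base64.b64encode(b"svc_payroll:S3cret!") + b"\r\n"
    b"\r\n"
    b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    b"<soap:Body><getSalary><employeeId>1042</employeeId></getSalary></soap:Body>"
    b"</soap:Envelope>"
)


def cleartext_exposure(raw: bytes) -> dict:
    """Return what anyone on the network path can read from one plain-HTTP SOAP request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()

    exposed = {"credentials": None, "fields": {}}

    # Basic authentication is base64 encoding, not encryption: decoding needs no key.
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic" and token:
        user, _, password = base64.b64decode(token).decode().partition(":")
        exposed["credentials"] = (user, password)

    # The SOAP body is ordinary XML; every leaf element's text is readable.
    if body.strip():
        for elem in ET.fromstring(body).iter():
            if len(elem) == 0 and elem.text and elem.text.strip():
                exposed["fields"][elem.tag.split("}")[-1]] = elem.text.strip()
    return exposed


if __name__ == "__main__":
    print(cleartext_exposure(SAMPLE_REQUEST))
```

Sent over SSL/TLS, the same headers and body are encrypted in transit, so an observer on the network path would have nothing for this parser to read.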
 
Pradeep Sahoo
Ranch Hand
Posts: 46
Thanks Rakesh for your reply.
However, my Web Services are consumed by my internal application only. The application server is located inside the DMZ, which means that the Web Services are not exposed to any outsider.
However, anybody from the internal network can pry on the message, which of course would be clear text.
In this scenario, is it worth going in for the Web Services Security stuff?
Thanks,
Pradeep
 
Lipman Li
Ranch Hand
Posts: 122
Probably not worth worrying about security if it is used internally.
 
Pradeep Sahoo
Ranch Hand
Posts: 46
Thanks Li for reassuring me.
Pradeep
 