Web Services Security

 
Ranch Hand
Posts: 46
I am not sure if I should post this question here or instead in the Security Forum. However, I decided to post it here!!
I am using Web Services architecture within my application. Meaning that I have not exposed my web services to the Internet. Do I need to worry about Web Services security - the whole stuff of using XML Signatures, Encryption, etc.?
In addition, I do not think I need to have SSL either for this.
Please suggest.
Thanks in advance,
Pradeep
 
Greenhorn
Posts: 4
Hi,
In my view, it is a must if necessary. Meaning, if you want your data not to be viewed by eavesdroppers or any unintended person, you have to encrypt the XML payload over HTTP. Because any non-binary data in SOAP is sent as XML, any simple TCP tunneler tool could nicely display human-readable XML. This is no exception for passwords, even if you are using basic HTTP authentication.
Hence, I suggest you use at least a simple custom encoding scheme to keep your data genuine.
I welcome your comments.
Thanks,
Rakesh.
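The exposure described in the reply above, as an added example that is not part of the original thread: a Python check a defender can run over a captured plain-HTTP SOAP request to list what is readable on the wire. The capture, host name, service path, element names and credentials are all constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed capture of one cleartext HTTP request carrying a SOAP call.
# Host, path, element names and credentials are made up for this example.
SOAP_BODY = (
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    '<soap:Body><getSalary xmlns="urn:example:hr">'
    '<employeeId>1042</employeeId></getSalary></soap:Body></soap:Envelope>'
)
CAPTURED = (
    "POST /hr/PayrollService HTTP/1.1\r\n"
    "Host: appserver.internal.example\r\n"
    "Authorization: Basic " + base64.b64encode(b"svc_payroll:S3cret!").decode() + "\r\n"
    "Content-Type: text/xml; charset=utf-8\r\n"
    "\r\n" + SOAP_BODY
)

def exposed_in_capture(raw):
    """Return what an on-path observer can read from a plain-HTTP SOAP request."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    findings = {"basic_auth": None, "soap_fields": {}}
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        # Basic auth is base64 encoding, not encryption: decoding needs no key.
        decoded = base64.b64decode(token).decode("utf-8", "replace")
        user, _, password = decoded.partition(":")
        findings["basic_auth"] = (user, password)

    if body.strip():
        try:
            root = ET.fromstring(body)
        except ET.ParseError:
            return findings  # not XML; nothing further to list
        for elem in root.iter():
            # Leaf elements with text are the business data in the message.
            if len(elem) == 0 and elem.text and elem.text.strip():
                findings["soap_fields"][elem.tag.split("}")[-1]] = elem.text.strip()
    return findings

if __name__ == "__main__":
    print(exposed_in_capture(CAPTURED))
```

The same request sent over SSL/TLS would show an on-path observer none of these fields.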
 
Pradeep Sahoo
Ranch Hand
Posts: 46
Thanks Rakesh for your reply.
However, my Web Services are consumed by my internal application only. The application Server is located inside the DMZ, which means that the Web Services are not exposed to any outsider.
However, anybody from the internal network can pry on the Message, which of course would be clear text.
In this scenario, is it worth going in for the Web Services Security stuff?
Thanks,
Pradeep
 
Ranch Hand
Posts: 122
Probably not worth worrying about security if it is used internally.
 
Pradeep Sahoo
Ranch Hand
Posts: 46
Thanks Li for reassuring me.
Pradeep
 