Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

How to protect Web Services  RSS feed

 
Kodo Tan
Ranch Hand
Posts: 105
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi
I've this question but was not able to find any answers to it from the web services book I had.
Generally, what's the way (best practice) to protect web services ? For instance, from the WSDL, any client can know what are the available methods to call. How do we protect the application from clients who are supposed to deny access to certain services ? Is this to be done in the usual ACL application module ?
Thanks for any reply ....
 
Lasse Koskela
author
Sheriff
Posts: 11962
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can either apply network security (firewall allowing incoming traffic only from known IP addresses) or application security (anyone can send a SOAP request but your web service application figures out whether the requestor is legit). In the latter case you should use the XML Encryption and XML Digital Signature standards or a similar proprietary means of authentication.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!