Conclusion

Previous page
Table of content
Next page


Download CD Content

Overview

Web Services are easy to implement and use cross platform, but perhaps their biggest weakness is the lack of security built into the SOAP and other Web Services standard. The fact that Web Services utilize port 80 and HTTP means that they use a port probably configured on your firewall policy that isn’t protected from the outside world. Additionally, the very nature of the Internet—with proxy servers and the overall openness of information makes your Web Services vulnerable. Remember that anyone with a proxy server or a node can view your request or response with relative ease. Consider the SOAP for one of the SimpleStockQuote examples shown earlier in this book.

    Content-Type: text/xml;     charset=utf-8 Content-Length: 461     SOAPAction: ""     <?xml version='1.0' encoding='UTF-8'?>     <SOAP-ENV:Envelope xmlns:SOAP-               ENV="http://schemas.xmlsoap.org/soap/envelope/"                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"                  xmlns:xsd="http://www.w3.org/2001/XMLSchema">      <SOAP-ENV:Body>        <ns1:getTestQuote xmlns:ns1="urn:simple-stock-quote"SOAENV:             encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">             <symbol xsi:type="xsd:string">C</symbol>        </ns1:getTestQuote>     </SOAP-ENV:Body>     </SOAP-ENV:Envelope>

Not only is the information in text format rather than a binary format but also the content of the document is surrounded by self-describing XML. Thus, the information is easy to view; you took the time to make it easier for the eavesdropper to understand the type and the content of the information you are transmitting. With a comma-delimited string of information, at least, the eavesdropper has to determine what the data actually represents.

The value of a stock, however, is not the most secretive piece of information. Thus you probably would not need a great deal of security to protect that information. On the other hand, if you handled a consumer’s credit card information, you would definitely need to encrypt that information as the request and response made their way across the Web.

Beyond encryption, there are also security concerns you need to consider with Web Services. Such security concerns mainly involve deals the identity of the individual or application accessing your service. Is it whom you expect? Is someone impersonating your regular consumer? Identity isn’t something you consider when deploying a HTML form on your Web site, but with Web Services, you’re providing functionality that possibly interacts with your backend systems such as your Customer Relations Management (CRM) or accounting database at an application level. You need to protect this information.

As with any with any Web project, you need to sit down and consider the amount of security you really need because of the impact on hardware. Once you know your security needs, you can better answer questions related to needed systems.


Previous page
Table of content
Next page
Cross-Platform Web Services Using C# and Java
Cross-Platform Web Services Using C# & JAVA (Charles River Media Internet & Web Design)
ISBN: 1584502622
EAN: 2147483647
Year: 2005
Pages: 128
Authors: Brian Hochgurtel
BUY ON AMAZON
OpenSSH: A Survival Guide for Secure Shell Handling (Version 1.0)
FileMaker Pro 8: The Missing Manual
C++ GUI Programming with Qt 3
Introducing Microsoft ASP.NET AJAX (Pro - Developer)
Professional Struts Applications: Building Web Sites with Struts ObjectRelational Bridge, Lucene, and Velocity (Experts Voice)
GDI+ Programming with C#
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy