An In-Depth Example

Summary

In this chapter, I described some of the security features available to you as a Web service developer. The security features are not defined in the SOAP protocol itself because SOAP is not restricted to using HTTP; hence your application must leverage existing Web server security features. It is important that any features you choose are based on data gathered from a threat modeling exercise. For example, you can use basic, digest, or .NET Passport authentication to help mitigate client spoofing threats. SSL/TLS can mitigate server spoofing threats as well as data tampering and information disclosure threats by employing encryption and message authentication codes. SSL/TLS can also provide support for client authentication by using optional client authentication certificates. Work is in progress to provide security features for SOAP messages. This technology is called the Global XML Web Services Architecture.

Finally, I outlined some very common mistakes made by Web application and Web service developers, most notably trusting that user input is well-formed and benign. If you use input without first validating it for cleanliness, you have a serious security disaster waiting to happen. Ignore this advice at your peril!
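As an added illustration of the input-validation point (this is not code from the book), the following C# shows a hypothetical Web method parameter used unsafely and then the same operation with an allow-list check and a typed query parameter. The class name `OrderService`, the method names and the `Orders` table are assumptions for the example.

```csharp
// Added example, not from the book: validating a SOAP-supplied parameter before use.
// OrderService, GetOrderStatus and the Orders table are hypothetical.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public class OrderService
{
    // In this hypothetical service an order ID is exactly 8 digits. Constrain the
    // input with an allow-list pattern instead of trying to block "bad" characters.
    private static readonly Regex OrderIdPattern = new Regex(@"^\d{8}$", RegexOptions.Compiled);

    public static bool IsValidOrderId(string orderId)
    {
        return orderId != null && OrderIdPattern.IsMatch(orderId);
    }

    // Before: the parameter received from the SOAP request is trusted and spliced
    // into the query text, so crafted input can change the meaning of the query.
    public string GetOrderStatusUnsafe(string orderId, SqlConnection connection)
    {
        SqlCommand cmd = new SqlCommand(
            "SELECT Status FROM Orders WHERE OrderId = '" + orderId + "'", connection);
        return (string)cmd.ExecuteScalar();
    }

    // After: reject anything outside the allow-list, then bind the value as a typed
    // parameter so the database never interprets it as part of the SQL statement.
    public string GetOrderStatus(string orderId, SqlConnection connection)
    {
        if (!IsValidOrderId(orderId))
            throw new ArgumentException("orderId must be exactly 8 digits.", "orderId");

        SqlCommand cmd = new SqlCommand(
            "SELECT Status FROM Orders WHERE OrderId = @orderId", connection);
        cmd.Parameters.Add("@orderId", SqlDbType.Char, 8).Value = orderId;
        object result = cmd.ExecuteScalar();
        return result == null ? null : (string)result;
    }

    // Constructed sample inputs: only the well-formed ID passes the check.
    public static void Main()
    {
        string[] samples = { "12345678", "1234", "12345678' OR '1'='1", null };
        foreach (string s in samples)
            Console.WriteLine("{0,-25} valid={1}", s == null ? "(null)" : s, IsValidOrderId(s));
    }
}
```

The validation check runs stand-alone; the two query methods need an open `SqlConnection` to a database holding the hypothetical `Orders` table.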



Building XML Web Services for the Microsoft .NET Platform
ISBN: 0735614067
Year: 2002
Pages: 94
Authors: Scott Short
