SOAP Ponderings

If you've ever written a remote procedure call (RPC) application, take a moment to reflect on whether you would place your RPC service directly on the Internet. No? Essentially, SOAP is RPC meets HTTP, or COM meets HTTP. Remember that SOAP applications are Web applications and run in the most hostile of environments. It is incredibly important that you check all input sent to your SOAP methods. Use regular expressions to determine whether the data is valid. The good news is that SOAP method call arguments are typed, and the SOAP engine will stop many instances of bogus data, such as a non-numeric string where an integer is expected. But typing says nothing about whether a syntactically valid value is acceptable: a string argument that is really a filename, a user name, or a fragment of a query passes the type check unchanged. So you should still validate the data anyway.

Also, if your SOAP services require authentication, make sure your .WSDL (Web Services Description Language) and .DISCO (Web Services Discovery) files are covered by the same authentication settings. Both of these files allow a user, or an attacker, to discover information about your application, such as method names, argument types, and endpoint URLs, some of which might be sensitive. Therefore, if a user must be authenticated to call your service, the user should be authenticated to read the application metadata too. A rule that protects only the service endpoint does not automatically protect metadata served from a separate path, so check this from the outside: request the WSDL and DISCO URLs without credentials and confirm that they are refused rather than served.
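The following is an added example, not code from the book: a minimal SOAP request handler that puts both of the preceding points into practice. It refuses to serve the service and its WSDL/DISCO metadata to unauthenticated callers, and it type-checks and regex-validates every method argument rather than trusting the engine's typing alone. The service (GetReport at /Report.asmx, with metadata at /Report.asmx?WSDL and /Report.disco, namespace http://example.invalid/report) and the sample envelopes are hypothetical and constructed for the example.

```python
"""Added example (not from Writing Secure Code): auth on metadata plus
typed + regex validation of SOAP method arguments.

Hypothetical service: GetReport(customerId: int, reportName: string)
at /Report.asmx; metadata at /Report.asmx?WSDL and /Report.disco.
"""
import re
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
SERVICE_NS = "http://example.invalid/report"  # hypothetical service namespace

# Whitelist for the string argument. Used with re.fullmatch, so no ^/$ anchors
# are needed (and '$' would otherwise tolerate a trailing newline).
REPORT_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")
INT_RE = re.compile(r"-?\d{1,9}")  # the kind of typed check a SOAP engine performs

# Declared type and, for strings, the regex the value must satisfy.
METHODS = {
    "GetReport": {
        "customerId": ("int", INT_RE),
        "reportName": ("string", REPORT_NAME_RE),
    }
}

# The service endpoint and every metadata view of it share one auth rule.
SERVICE_PATHS = ("/report.asmx", "/report.disco")


class SoapFault(Exception):
    """Raised for any request the service refuses to process."""


def requires_auth(path: str) -> bool:
    """True for the endpoint and its metadata, including /Report.asmx?WSDL."""
    base = path.split("?", 1)[0].lower()
    return base in SERVICE_PATHS


def parse_call(envelope: bytes):
    """Return (method, {arg_name: raw_text}) from the SOAP Body.

    Assumption: the production parser should be hardened against entity
    expansion (e.g. defusedxml); the stdlib parser is used here for brevity.
    """
    try:
        root = ET.fromstring(envelope)
    except ET.ParseError as exc:
        raise SoapFault(f"malformed envelope: {exc}")
    body = root.find(f"{{{SOAP_ENV}}}Body")
    if body is None or len(body) != 1:
        raise SoapFault("envelope must contain exactly one method call")
    call = body[0]
    ns, _, method = call.tag.rpartition("}")
    if ns != "{" + SERVICE_NS or method not in METHODS:
        raise SoapFault("unknown method")
    raw = {}
    for child in call:
        name = child.tag.rpartition("}")[2]
        raw[name] = child.text or ""
    return method, raw


def validate_args(method: str, raw: dict) -> dict:
    """Reject unexpected arguments, bad types, and strings outside the whitelist."""
    spec = METHODS[method]
    if set(raw) != set(spec):
        raise SoapFault("argument list does not match method signature")
    clean = {}
    for name, (typ, pattern) in spec.items():
        value = raw[name]
        if not pattern.fullmatch(value):
            reason = "not an int" if typ == "int" else "fails whitelist"
            raise SoapFault(f"{name}: {reason}")
        clean[name] = int(value) if typ == "int" else value
    return clean


def handle_request(path: str, authenticated: bool, envelope: bytes = b"") -> dict:
    """Dispatch one request and return a small result dict for inspection."""
    if not requires_auth(path):
        return {"status": 404}
    if not authenticated:  # same answer for the service and for its metadata
        return {"status": 401}
    if "?" in path or path.lower().endswith(".disco"):
        return {"status": 200, "kind": "metadata"}
    try:
        method, raw = parse_call(envelope)
        args = validate_args(method, raw)
    except SoapFault as exc:
        return {"status": 500, "fault": str(exc)}
    return {"status": 200, "method": method, "args": args}


# Constructed sample envelopes (not captured traffic).
GOOD_ENVELOPE = b"""<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <GetReport xmlns="http://example.invalid/report">
      <customerId>42</customerId>
      <reportName>monthly_sales</reportName>
    </GetReport>
  </soap:Body>
</soap:Envelope>"""
# Well-typed string that the engine would pass but the whitelist rejects.
TRAVERSAL_ENVELOPE = GOOD_ENVELOPE.replace(b"monthly_sales", b"../../web.config")
# Value that already fails the typed check.
BAD_INT_ENVELOPE = GOOD_ENVELOPE.replace(b">42<", b">42 OR 1=1<")

if __name__ == "__main__":
    print(handle_request("/Report.asmx?WSDL", False))
    print(handle_request("/Report.asmx", True, GOOD_ENVELOPE))
    print(handle_request("/Report.asmx", True, TRAVERSAL_ENVELOPE))
```

The two envelopes that fail make the point of the section: `BAD_INT_ENVELOPE` is stopped by the typed check alone, while `TRAVERSAL_ENVELOPE` carries a perfectly valid string and is only caught because the method applies its own whitelist.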



Writing Secure Code, Second Edition
ISBN: 0735617228
Year: 2005
Pages: 153

flylib.com © 2008-2017.