Webservices and Security

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
acidHL
Forum Commoner
Posts: 41
Joined: Wed Dec 07, 2005 7:38 am

Webservices and Security

Post by acidHL »

Hi Guys,

I did a search but I don't think this has been touched on yet.

Does anybody have any experience in securing web services?
I have two applications (one already exists) in mind that need to exchange data. I can do this using SOAP (PHP4 w/ NuSOAP) however the web service running on the one application should only accept data/calls from certain places.

Does anybody know how to implement some simple security? The data itself doesn't need to be encrypted, I just need to restrict who (or what) can use the webservice.

:?:
acidHL
Forum Commoner
Posts: 41
Joined: Wed Dec 07, 2005 7:38 am

Post by acidHL »

Nobody :oops: :(
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Re: Webservices and Security

Post by timvw »

acidHL wrote: I did a search but I don't think this has been touched on yet.
Does anybody have any experience in securing web services?
What's so special about web services that it would be any different than other ip-based restriction solutions?
acidHL wrote: I just need to restrict who (or what) can use the webservice.
Apart from ip-based restrictions you could also require authentication. Most webbrowsers already have built-in support for that.. And if you want to take it a step further i would recommend that you look at the WebService Enhancements.. (More specifically WS-Security)
Post Reply