Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
I did a search but I don't think this has been touched on yet.
Does anybody have any experience in securing web services?
I have two applications (one already exists) in mind that need to exchange data. I can do this using SOAP (PHP4 w/ NuSOAP) however the web service running on the one application should only accept data/calls from certain places.
Does anybody know how to implement some simple security? The data itself doesn't need to be encrypted, I just need to restrict who (or what) can use the webservice.
acidHL wrote:
I did a search but I don't think this has been touched on yet.
Does anybody have any experience in securing web services?
What's so special about web services that it would be any different than other ip-based restriction solutions?
acidHL wrote:
I just need to restrict who (or what) can use the webservice.
Apart from ip-based restrictions you could also require authentication. Most webbrowsers already have built-in support for that.. And if you want to take it a step further i would recommend that you look at the WebService Enhancements.. (More specifically WS-Security)