in reply to Re: Re: Securing your SOAP Application
in thread Securing your SOAP Application

I see what you mean now about HTTP (sorry about that :P ).

Frankly I have avoided the whole authentication issue by only exposing publicly available (in the company) data and making it query only. I couldn't use SSL in my projects (for various political reasons) and my scheme was the path of least resistance.

Until there is a standard I guess it boils down to your own environment. In my case, packing it inside the envelope will have to be the way to go. Plus our security policy (at work) is to encrypt everything, SSL or otherwise.

I do wonder, however, whether you have considered using some form of digest mechanism in your method? Do you think this is worthwhile?

Thanks for your feedback :)
  • Comment on Re: Re: Re: Securing your SOAP Application

Replies are listed 'Best First'.
Re: Re: Re: Re: Securing your SOAP Application
by hardburn (Abbot) on Jul 30, 2003 at 20:25 UTC

    I do wonder, however, whether you have considered using some form of digest mechanism in your method? Do you think this is worthwhile?

    Perhaps. The Apache::Htpasswd module already stores the passwords in encryped form. Apache's .htpasswd file format supports using hashes instead of encrypted data, but the module doesn't appear to support this feature. For just transfering the password, it couldn't hurt to use a digester.

    ----
    I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
    -- Schemer

    Note: All code is untested, unless otherwise stated

[reply]

In Section Meditations