Security Issue

[Joe Plautz <jo...@customcall.com>]

Hello,

I'm looking for some guidance in the realm of security. I am in charge 
of  creating some web services to be used by a PowerBuilder front 
end(changing this is not an option). What I've discovered is that 
PowerBuilder does not allow you to modify/add headers in any shape or 
form. So, adding in WS-Security compliant headers or some other form of 
authentication headers would require a lot more time than than 
desired(ie writing a custom soap lib). It does support HTTP-Basic 
authentication, but because of the way the user information is being 
stored it is not a feasible option, user info is being stored in client 
specific databases. I've come up with my own ideas, which include 
sending the "authentication" piece as part of the message. If anyone has 
any alternative ideas please let me know.

Thanks,
Joe Plautz

Re: Security Issue

[Mike Barton <mb...@allesta.com>]

Joe,

You might want to look at UDDI authentication mechanism, which is based 
on simple token exchange model.

http://uddi.org/pubs/ProgrammersAPI-V2.04-Published-20020719.htm#_Toc25137739

Mike.



Joe Plautz wrote:

> Hello,
>
> I'm looking for some guidance in the realm of security. I am in charge 
> of  creating some web services to be used by a PowerBuilder front 
> end(changing this is not an option). What I've discovered is that 
> PowerBuilder does not allow you to modify/add headers in any shape or 
> form. So, adding in WS-Security compliant headers or some other form 
> of authentication headers would require a lot more time than than 
> desired(ie writing a custom soap lib). It does support HTTP-Basic 
> authentication, but because of the way the user information is being 
> stored it is not a feasible option, user info is being stored in 
> client specific databases. I've come up with my own ideas, which 
> include sending the "authentication" piece as part of the message. If 
> anyone has any alternative ideas please let me know.
>
> Thanks,
> Joe Plautz
>
>