You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Keast Ann <ke...@bah.com> on 2004/09/08 23:49:30 UTC
Securing Axis Best Practices Time Estimate
Hi All,
How long does it typically take to secure Axis for a production
environment?
I"m not talking about securing my webservice code - but Axis itself for
a production environment.
This is in reference to the "Securing Axis" section located on:
http://cvs.apache.org/viewcvs.cgi/~checkout~/ws-axis/java/docs/security.html
Thank you,
Ann
Re: Securing Axis Best Practices Time Estimate
Posted by Keast Ann <ke...@bah.com>.
Hindsight is always 20/20 as they say - I was hoping to get a feel on
what it took from people who had done it.
Please assume low familiarity with Axis source code. Also assume that
we're logging everything and we will not use Servlets2.3 filters.
This is really an estimate on hardening the Axis source code:
disguising, renaming stuff, and cutting down the build.
If someone were to ask me, how long will it take for you to build a web
site that meets XYZ requirements? - I would be able to have a ballpark
estimate for the customer. This is the same type of question, only since
I don't really have experience securing Axis - I thought I'd ask other
people who do.
Thank you,
Ann
"matthew.hawthorne" wrote:
>
> Keast Ann wrote:
> > How long does it typically take to secure Axis for a production
> > environment?
> > I"m not talking about securing my webservice code - but Axis itself for
> > a production environment.
> >
> > This is in reference to the "Securing Axis" section located on:
> > http://cvs.apache.org/viewcvs.cgi/~checkout~/ws-axis/java/docs/security.html
>
> Although this is, in some ways, a simple question, I also find it to be
> a strange one. If you are the person who will handle this task, but
> upon reading the list of things to do, couldn't come up with an
> estimate, then you will have to consider the time it will take for you
> to learn how to do these things, and then do them.
>
> If there is someone else on your team who is also knowledgeable about
> Axis and servlets, perhaps you should ask them for an estimate?
>
> Some of these items do involve writing code in your application, and
> also modifying the Axis source. So, it's not just a configuration issue.
>
> It seems impossible for anyone here to give you an accurate estimate,
> being that it depends on the skill and knowledge of the person who
> performs the task. How could I possibly know how long it would take
> someone else to do these things?
>
> Perhaps I'm looking at it the wrong way...
Re: Securing Axis Best Practices Time Estimate
Posted by "matthew.hawthorne" <ma...@apache.org>.
Keast Ann wrote:
> How long does it typically take to secure Axis for a production
> environment?
> I"m not talking about securing my webservice code - but Axis itself for
> a production environment.
>
> This is in reference to the "Securing Axis" section located on:
> http://cvs.apache.org/viewcvs.cgi/~checkout~/ws-axis/java/docs/security.html
Although this is, in some ways, a simple question, I also find it to be
a strange one. If you are the person who will handle this task, but
upon reading the list of things to do, couldn't come up with an
estimate, then you will have to consider the time it will take for you
to learn how to do these things, and then do them.
If there is someone else on your team who is also knowledgeable about
Axis and servlets, perhaps you should ask them for an estimate?
Some of these items do involve writing code in your application, and
also modifying the Axis source. So, it's not just a configuration issue.
It seems impossible for anyone here to give you an accurate estimate,
being that it depends on the skill and knowledge of the person who
performs the task. How could I possibly know how long it would take
someone else to do these things?
Perhaps I'm looking at it the wrong way...