You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Steve Parker <st...@naweb.com> on 2003/01/28 20:00:44 UTC
Re: Web Service Model - Security Issues
i guess one would protect SOAP from DOS attacks using the same techniques as
one would use to protect HTTP from such attacks, right?
and, regarding authentication/authorization of web services... look at the
SAML (Security Assertion Markup Language) OASIS standard (www.oasis-open.org).
On Tue, 28 Jan 2003 18:44:53 +0000, Nicolas Dinh wrote
> <soap:address DIV <soap:binding DIV <soap:body DIV <soap:body DIV Hi,
>
> <soap:address DIV <soap:binding DIV <soap:body DIV <soap:body DIV
> I'm still quite new to all of this. But from what I understand, one
> of the main goals of using a Web Service Model is to essentially
> make its interface universal and accessible to anyone.
>
> <soap:address DIV <soap:binding DIV <soap:body DIV <soap:body DIV
> How does one protect one's Web Service from malicious attacks. One
> that comes into mind and can be done quite easily is flooding a Web
> Serice with SOAP calls. If the scope of the AXIS Web Service is per
> request, then the Web Servicee object is instantiated every time a
> SOAP call is made and can put quite a load or even crash the server
> that is hosting the Web Service?
>
> <soap:address DIV <soap:binding DIV <soap:body DIV <soap:body DIV
> Regards,
>
> <soap:address DIV <soap:binding DIV <soap:body DIV <soap:body DIV
> Nicolas Dinh
>
> -----------------------------------------------------------------------
> Help STOP SPAM with the new MSN 8 and get 2 months FREE*