You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by Steve Parker <st...@naweb.com> on 2003/01/28 20:00:44 UTC

Re: Web Service Model - Security Issues

i guess one would protect SOAP from DOS attacks using the same techniques as 
one would use to protect HTTP from such attacks, right?

and, regarding authentication/authorization of web services...  look at the 
SAML (Security Assertion Markup Language) OASIS standard (www.oasis-open.org).

On Tue, 28 Jan 2003 18:44:53 +0000, Nicolas Dinh wrote
> <soap:address DIV <soap:binding DIV <soap:body DIV <soap:body DIV Hi,
> 
> <soap:address DIV <soap:binding DIV <soap:body DIV <soap:body DIV 
> I'm still quite new to all of this. But from what I understand, one 
> of the main goals of using a Web Service Model is to essentially 
> make its interface universal and accessible to anyone.
> 
> <soap:address DIV <soap:binding DIV <soap:body DIV <soap:body DIV 
> How does one protect one's Web Service from malicious attacks. One 
> that comes into mind and can be done quite easily is flooding a Web 
> Serice with SOAP calls. If the scope of the AXIS Web Service is per 
> request, then the Web Servicee object is instantiated every time a 
> SOAP call is made and can put quite a load or even crash the server 
> that is hosting the Web Service?
> 
> <soap:address DIV <soap:binding DIV <soap:body DIV <soap:body DIV 
> Regards,
> 
> <soap:address DIV <soap:binding DIV <soap:body DIV <soap:body DIV 
> Nicolas Dinh
> 
> -----------------------------------------------------------------------
> Help STOP SPAM with the new MSN 8  and get 2 months FREE*