Note where I said ssh I meant SSL!! --- Matthew Hannay <[EMAIL PROTECTED]> wrote:
> I am looking at security issues with our web > services > before we go to production. > > Has any one got any good tips, suggestions or > references on how to > prevent cross site scripting through web services, > especially > web services with attachments. > > What experiences have people had with mime/dime and > security risks? > > I am looking at a filter chain to inspect the soap > message for > malice scripting and sql text > > The thing that concerns me is that although we are > using > basic authentication over ssh, and only open up our > firewalls > to trusted clients, I cannot be sure that our > clients > databases > have not injected with scripting whic then finds > it's > way into > the web service soap contents and then into our data > base. > > Am I being overly paranoid or are these valid > concerns? > > Would the filters be somthing usefull to contrubute > back > to the axis project and have as a configurable item, > that axis > users could turn on and extend upon if they wish? > > Matt > > > Send instant messages to your online friends > http://au.messenger.yahoo.com > Send instant messages to your online friends http://au.messenger.yahoo.com
