Well, you are right, but the project must be deployed behind a *very*
restrictive firewall, and only HTTPS port will be open for our web services.
Attachments are sent out of the envelope, and so, they are not covered
by the message level security. For this, transport level security is used.
Anyway, the case itself is not important; vulnerabilities are. I believe
that having a way to early reject these offending requests would be of
benefit for all us.
Regards,
Rodrigo Ruiz
robert wrote:
Em Sexta 10 Fevereiro 2006 12:23, o Rodrigo Ruiz escreveu:
Hi all,
I have some web services with the following requirements:
- Ability to receive very large attachments (several GB length).
- Security provided by WSS4J
Message level security on attachments of several GB length ? Web services are
not the right technology for this, IMHO. Consider sftp or something of the
like.
HTH,
robert
http://www.braziloutsource.com/
