RE: Securing Axis Web Services

Tue, 04 Apr 2006 00:12:29 -0700

Hi Anna,

 

I think wss4j provides message level security. (i.e. the security related aspects are there in the SOAP headers and so it is not using ssl). How is it different from making a SSL connection explicitly from the client to the server and then using the certificates, encryption etc?

 

If you get some time, then can you write a detailed mail on that.

What is “double ssl” that you mentioned.

 

Regards,

Subir S
Hyderabad-500081, AP
tel: 040-30795137

 

 

Want a signature like this? 

 

From: Anna Krajewska [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 04, 2006 11:39 AM
To: [email protected]
Subject: Re: Securing Axis Web Services

 

Hi

 

I use WSS4j. I create password secured WS and signed with certificate response. All communication is done with double ssl.

What you should use depends on what kind of data you send. If only the response of WS contains privileged data you don't have to put much security to the request - password is the best.

 

Regards

 

Ania

----- Original Message -----

Sent: Tuesday, April 04, 2006 1:12 AM

Subject: Securing Axis Web Services

 

I am kinda used to build WS with Axis, but I've never done any secure WS before.

By secure I mean: only authorized access.

I read Axis' documentation and they say I can use the sister project XML Signature.

For you, experient guy, what is the best way (simple but functional) to allow only authorized access to my WS?

Using certificates? HTTPS? User/Password in the SOAP header?

Thanks
Daniel


The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.

www.wipro.com

Reply via email to