Hindsight is always 20/20 as they say - I was hoping to get a feel on what it took from people who had done it.
Please assume low familiarity with Axis source code. Also assume that we're logging everything and we will not use Servlets2.3 filters. This is really an estimate on hardening the Axis source code: disguising, renaming stuff, and cutting down the build. If someone were to ask me, how long will it take for you to build a web site that meets XYZ requirements? - I would be able to have a ballpark estimate for the customer. This is the same type of question, only since I don't really have experience securing Axis - I thought I'd ask other people who do. Thank you, Ann "matthew.hawthorne" wrote: > > Keast Ann wrote: > > How long does it typically take to secure Axis for a production > > environment? > > I"m not talking about securing my webservice code - but Axis itself for > > a production environment. > > > > This is in reference to the "Securing Axis" section located on: > > http://cvs.apache.org/viewcvs.cgi/~checkout~/ws-axis/java/docs/security.html > > Although this is, in some ways, a simple question, I also find it to be > a strange one. If you are the person who will handle this task, but > upon reading the list of things to do, couldn't come up with an > estimate, then you will have to consider the time it will take for you > to learn how to do these things, and then do them. > > If there is someone else on your team who is also knowledgeable about > Axis and servlets, perhaps you should ask them for an estimate? > > Some of these items do involve writing code in your application, and > also modifying the Axis source. So, it's not just a configuration issue. > > It seems impossible for anyone here to give you an accurate estimate, > being that it depends on the skill and knowledge of the person who > performs the task. How could I possibly know how long it would take > someone else to do these things? > > Perhaps I'm looking at it the wrong way...
