On Mon, Jan 10, 2011 at 10:19 PM, Afkham Azeez <[email protected]> wrote:

> On Mon, Jan 10, 2011 at 10:01 PM, Prabath Siriwardana <[email protected]> wrote:
>
>> On Mon, Jan 10, 2011 at 7:44 PM, Amila Suriarachchi <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> First, I think just restricting access to service metadata won't make
>>> anything secure.
>>>
>>
>> But it makes things harder, especially in the case where a security
>> policy is being attached.
>>
>> One can argue that this is "security by obscurity", but once again this
>> keeps the attacker guessing, and that has made this a common requirement
>> IMHO...
>>
>
> This is not necessarily about security as I have mentioned earlier.  Sorry
> if my original mail gave this idea.
>

Actually, this is a requirement that came up in the security space as well.
People do not want to show the exact details of the security policies they
use to arbitrary clients, and they also need to hide the contract. Sharing
the contract and making it publicly available can tend to lead to more
intelligent DoS attacks...

Thanks & regards,
-Prabath


>
>
>>
>>> Then, when you add this parameter, it won't show the service to both
>>> authorized and unauthorized people. The correct way is to assign a role
>>> and show the metadata only if the user is in that role.
>>>
>>> For this, in Axis2 we need to assume people have configured the Tomcat or
>>> application user manager component properly and use those roles.
>>>
>>
>>
>> Thanks & regards,
>>  -Prabath
>>
>>
>>>
>>> thanks,
>>> Amila.
>>>
>>>
>>>  On Mon, Jan 10, 2011 at 5:10 PM, Afkham Azeez <[email protected]> wrote:
>>>
>>>> As per https://issues.apache.org/jira/browse/AXIS2-3316 I have
>>>> implemented this functionality where you can add the <parameter
>>>> name="exposeServiceMetadata">false</parameter> parameter to the axis2.xml
>>>> or services.xml file in order to restrict access to the service metadata.
>>>>
>>>> Adding the parameter to axis2.xml will not allow access to the metadata
>>>> of all services. When specified at the service group or service level, it
>>>> will be applicable only to those services.
>>>>
>>>> --
>>>> Afkham Azeez
>>>> Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com
>>>> Member; Apache Software Foundation; http://www.apache.org/
>>>> email: [email protected] cell: +94 77 3320919
>>>> blog: http://blog.afkham.org
>>>> twitter: http://twitter.com/afkham_azeez
>>>> linked-in: http://lk.linkedin.com/in/afkhamazeez
>>>>
>>>> Lean . Enterprise . Middleware
>>>>
>>>>
>>>> _______________________________________________
>>>> Carbon-dev mailing list
>>>> [email protected]
>>>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>
>>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> http://blog.facilelogin.com
>> http://RampartFAQ.com
>>
>
>


-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
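
An added example, not part of the original thread or the Axis2 code base: a small audit script that reports, per service, whether the exposeServiceMetadata parameter discussed above leaves its metadata visible and which configuration level decided that. It assumes the most specific level wins (service, then serviceGroup, then axis2.xml), that metadata is exposed when the parameter is absent, and that any value other than "false" counts as exposed; the XML inputs are constructed samples.

```python
import xml.etree.ElementTree as ET

PARAM = "exposeServiceMetadata"

def _param(elem):
    """Return True/False if elem has a direct <parameter name=PARAM> child, else None."""
    for p in elem.findall("parameter"):
        if p.get("name") == PARAM:
            # Assumption: only the literal "false" hides metadata; anything
            # else is reported as exposed so typos are flagged, not trusted.
            return (p.text or "").strip().lower() != "false"
    return None

def effective_exposure(axis2_xml, services_xml):
    """Map each service name to (exposed, level that decided it)."""
    root = ET.fromstring(services_xml)
    scopes = [("axis2.xml", _param(ET.fromstring(axis2_xml)))]
    if root.tag == "serviceGroup":
        scopes.append(("serviceGroup", _param(root)))
        services = root.findall("service")
    else:  # a services.xml whose root is a single <service>
        services = [root]
    result = {}
    for svc in services:
        exposed, source = True, "default"  # assumed default: metadata is exposed
        for level, value in scopes + [("service", _param(svc))]:
            if value is not None:  # assumed: the most specific level wins
                exposed, source = value, level
        result[svc.get("name")] = (exposed, source)
    return result

# Constructed sample configuration, not taken from a real deployment.
AXIS2_XML = """<axisconfig name="AxisJava2.0">
  <parameter name="exposeServiceMetadata">false</parameter>
</axisconfig>"""

SERVICES_XML = """<serviceGroup>
  <service name="OrderService"/>
  <service name="StatusService">
    <parameter name="exposeServiceMetadata">true</parameter>
  </service>
</serviceGroup>"""

if __name__ == "__main__":
    for name, (exposed, source) in effective_exposure(AXIS2_XML, SERVICES_XML).items():
        print(f"{name}: metadata {'EXPOSED' if exposed else 'hidden'} (set by {source})")
```

A service-level override that re-exposes metadata under a global "false", like StatusService here, is the case worth reviewing, since hiding the contract is not access control and the service still needs its own authentication and role checks.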