SSL is key (assuming it blocks out the data) as, It is pretty trivial
to find the service location, and even the method names with something
like service capture. So unless the traffic is over SSL, you can
easily see things like id's and passwords passed into the services.
I am curious to see what service capture would see over an SSL
connection with a gateway.
d
On 25-Apr-08, at 1:29 PM, valdhor wrote:
True. But they would need to know the location (It is not in the
WSDL), the username and the password.
--- In [email protected], Tom Chiverton <[EMAIL PROTECTED]>
wrote:
>
> On Friday 25 Apr 2008, valdhor wrote:
> > We don't use Flex to access our Web Services; We use PHP or
Perl. To
> > stop unauthorized access we use a combination of SSL as well as
> > wssecurity
>
> Just to be clear, this doesn't 'stop' anyone writing their own
client for your
> service.
>
> --
> Tom Chiverton
> Helping to widespreadedly streamline intuitive markets
> on: http://thefalken.livejournal.com
>
> ****************************************************
>
> This email is sent for and on behalf of Halliwells LLP.
>
> Halliwells LLP is a limited liability partnership registered in
England and Wales under registered number OC307980 whose registered
office address is at Halliwells LLP, 3 Hardman Square, Spinningfields,
Manchester, M3 3EB. A list of members is available for inspection at
the registered office. Any reference to a partner in relation to
Halliwells LLP means a member of Halliwells LLP. Regulated by The
Solicitors Regulation Authority.
>
> CONFIDENTIALITY
>
> This email is intended only for the use of the addressee named above
and may be confidential or legally privileged. If you are not the
addressee you must not read it and must not use any information
contained in nor copy it nor inform any person other than Halliwells
LLP or the addressee of its existence or contents. If you have
received this email in error please delete it and notify Halliwells
LLP IT Department on 0870 365 2500.
>
> For more information about Halliwells LLP visit www.halliwells.com.
>
