Hello, I am wondering if anyone else has worked on a solution to handle DoS attacks. My boss asked me about this issue, and short of only allowing people with a valid username and password, there is little I can do, I think.
We are also thinking about restricting who can access the WSDL files. The basic idea is to have the developer first get permission, and so get a username and password that will be embedded in their program. They are responsible for ensuring that it is kept reasonably secret. This is sent as part of the SOAP call, and so is validated before the implementation class is instantiated. Once this class is instantiated, if there is a DoS, we at least know which program was responsible for it, and can just disallow use of that program until we can stop the attacks. This isn't a perfect solution, but it is the best one I have come up with so far. Thank you for any ideas.
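A sketch of the gate described in the post, as an added example that is not part of the original post: credentials from the SOAP header are checked, and a per-program kill switch consulted, before the implementation class is built. The header element names `AppId` and `AppKey`, the size cap, the `QuoteService` class and all key values are assumptions made for illustration.

```python
import hmac
import xml.etree.ElementTree as ET
from collections import Counter

SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"
MAX_BODY = 64 * 1024   # assumed cap: oversized requests are dropped unparsed
APP_KEYS = {"billing-client": "k3y-constructed"}   # constructed sample credential
DISABLED = set()       # programs switched off while an incident is handled
HITS = Counter()       # accepted requests per program, for attribution

class Rejected(Exception):
    """Raised before any service object exists."""

class QuoteService:
    """Stand-in for the implementation class (hypothetical)."""
    instances = 0
    def __init__(self):
        QuoteService.instances += 1
    def handle(self, raw):
        return "ok"

def envelope(app, key):
    """Build a constructed sample request carrying the two header fields."""
    return (f'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
            f'<s:Header><AppId>{app}</AppId><AppKey>{key}</AppKey></s:Header>'
            f'<s:Body/></s:Envelope>').encode()

def gate(raw):
    """Return the authenticated program id, or raise Rejected."""
    # Cheap checks first: size cap, and no DTD (blocks entity-expansion tricks).
    if len(raw) > MAX_BODY or b"<!DOCTYPE" in raw:
        raise Rejected("malformed or oversized")
    try:
        env = ET.fromstring(raw)
    except ET.ParseError:
        raise Rejected("malformed or oversized")
    app = env.findtext(f"{SOAP}Header/AppId") or ""
    key = env.findtext(f"{SOAP}Header/AppKey") or ""
    expected = APP_KEYS.get(app, "")
    # Constant-time compare; an unknown id fails the same way as a wrong key.
    if not expected or not hmac.compare_digest(key.encode(), expected.encode()):
        raise Rejected("bad credentials")
    if app in DISABLED:
        raise Rejected("program disabled")
    HITS[app] += 1
    return app

def dispatch(raw):
    gate(raw)                          # raises before the class is instantiated
    return QuoteService().handle(raw)
```

Because the credential ships inside the client program it can be extracted, so this works as an attribution tag and kill switch rather than as strong authentication, and every request still costs a parse before it is rejected.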