Making the DeployedServices.ds read-only it's a simple solution
and it works (at least in Unix). When you want to deploy you own services
just make it writable again.
regards,
Ruben
|---------+---------------------------->
| | armstpat@WellsFar|
| | go.COM |
| | |
| | 05/14/2002 07:08 |
| | PM |
| | Please respond to|
| | soap-user |
| | |
|---------+---------------------------->
>--------------------------------------------------------------------------------------------------------------|
|
|
| To: [EMAIL PROTECTED]
|
| cc:
|
| Subject: RE: How to disable ServiceManagerClient
|
>--------------------------------------------------------------------------------------------------------------|
No I didn't intend to say that. I just mentioned one solution that will
work. The work is less that 100 lines of code. By the way, if you write
you own authorization, you will probably want to use SSL.
I think any robust solution will involve modifying the Servlet code
somewhat
anyway.
-----Original Message-----
From: Kristj�n Bjarni Gu�mundsson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 14, 2002 10:01 AM
To: [EMAIL PROTECTED]
Subject: RE: How to disable ServiceManagerClient
So are you telling me that the only way to have a secure Apache SOAP
installation is to rewrite the soap library itself?
armstpat@Wells
Fargo.COM To: [EMAIL PROTECTED]
cc:
14.05.2002 Subject: RE: How to disable
ServiceManagerClient
16:04
Please respond
to soap-user
You can extend server/http/RPCRouterServlet, rpc/Call and
server/ServiceManagerClient to be password protected. You can use basic
HTTP authorization, or pass information via the request headers and code
your own authorization. As far as I can tell, all calls to the
ServiceManager still go through the RPCRouterServlet.
-----Original Message-----
From: Kristj�n Bjarni Gu�mundsson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 14, 2002 8:28 AM
To: [EMAIL PROTECTED]
Subject: RE: How to disable ServiceManagerClient
But I still want to be able to deploy using ServiceManager.
I only want to disable the client so that hackers cannot deploy
services on my server.
How do I only disable the ServiceManagerClient?
"RICARD Bertrand ext
DvSI/SICoR" To:
<[EMAIL PROTECTED]>
<externe.ricard@francete cc:
lecom.com> Subject: RE: How to
disable ServiceManagerClient
14.05.2002 14:02
Please respond to
soap-user
You can use soap.xml file to specifie a specific configManager in which you
can just allow list() and query() methods.
Bertrand
-----Message d'origine-----
De : Kristj�n Bjarni Gu�mundsson [mailto:[EMAIL PROTECTED]]
Envoy� : lundi 13 mai 2002 16:53
� : [EMAIL PROTECTED]
Objet : How to disable ServiceManagerClient
I am using the latest Apache SOAP v2.2
How do I disable the ServiceManagerClient?
--------------------------------------------------------------------------
�byrg� ��n var�andi t�lvup�st:
Your E-mail responsibilities:
http://www.hugvit.is/tolvupostur
--------------------------------------------------------------------------
--------------------------------------------------------------------------
�byrg� ��n var�andi t�lvup�st:
Your E-mail responsibilities:
http://www.hugvit.is/tolvupostur
--------------------------------------------------------------------------
--------------------------------------------------------------------------
�byrg� ��n var�andi t�lvup�st:
Your E-mail responsibilities:
http://www.hugvit.is/tolvupostur
--------------------------------------------------------------------------
