About the SOAP Security / Nusoap Library |
[eluser]Unknown[/eluser]
I have been reading about SOAP because I need to use it. The main problem that I'm seeing is with the security but I still have some questions about it. Based in this thread: http://ellislab.com/forums/viewthread/59710/ Quote:All that I need is to reference the url: http://localhost/webservice.php/client/12345Does that mean that if another person takes that same url, that person will be able to see the xml result? Of course I understand that I can validate the IP in the request and create a crazy url like http://localhost/webservice.php/client/a...da5s4d6a5s But my point is more trying to see if there's more security features that I don't know yet?
[eluser]Nathan Pitman (Nine Four)[/eluser]
We used nuSOAP but the same security issues applied. In our case we just created a set of unique access codes that had to be passed to the web service to return a result.
[eluser]drewbee[/eluser]
Yup, infact this is how almost every API works. Perhaps username/password needs to be passed to the API, or a unique hash (key) for every account. |
Welcome Guest, Not a member yet? Register Sign In |