[Users] bc-soap 4.1 and the list of HTTPS services

Christophe DENEUX [via Petals Forums] ml-node+s974793n4022397h81 at n3.nabble.com
Wed May 30 15:34:47 CEST 2012



IMO, services exposed through SSL should be displayed through the URL 
https://server:8083/petals/services, because:
    - SSL is not an authentication protocol (even if the mode "2-way" 
can be viewed as an authentication protocol), it is more an encryption 
protocol,
    - if you set SSL one-way, you accept that all clients can invoke 
your service, why do you want to protect WSDL access?
    - if you use SSL 2-way, the service list should be available to the 
clients that are known to the server (client encryption key set on the 
server side)

So, I don't see the security issue about WSDL. It seems to me that it is 
normal that a web-service client can get its WSDL.

-- 
Christophe DENEUX
CTO
PetalsLink
06 37 72 81 24
Twitter: http://twitter.com/ChrisDENEUX


On 30/05/2012 11:55, Vincent Zurczak [via Petals Forums] wrote:
> Hi,
>
>     Christophe Hamerling wrote
>     If this feature is not available it must be added for a future
>     release since many users are listing services from the SOAP BC page.
>
> I agree for web services over HTTP.
> But for HTTPS, I disagree. Security does not only go through SSL, but 
> also by protecting the URL and the service contract. Displaying the 
> location and the WSDL may be considered as a security issue. The 
> service URL is available in the Petals console and is predictable for 
> the person/team that set up this service.
> « Petals M.D. »
>
>

