|
-
Dec 20th, 2006, 05:19 PM
#1
[2005] Web Service Security options
I have worked with webservices a bit in 2003, and I just upgraded a 2003 WS project to 2005.
I am just wondering if there are any new security considerations I can use to make this WS as secure as possible.
I will refer to my programs as winapp (for the windows app that consumes the service, and SecureWS as the web service to be consumed)
My ultimate goal is this:
Only authenticated callers (aka winapp) can access the methods of the webservice.
What I have implemented so far:
-All calls to SecureWS are over SSL
-My webhost allows me to create user accounts so I can deny anonymous access to the directory where SecureWS sits, but allow access from an account I create. So I create a user acct that only has access to that SecureWS. This is so you can't nagivate to the URL of my ASMX file and see all the methods.
-I have a TripleDES encrypted string of the credentials (credentials for the user account I created on my web host) stored in winapp, and at runtime when I call the SecureWS, i decrypt it, and pass it as credentials to SecureWS
Is there anything I am over doing, missing, doing wrong?
I have found some articles on WS security, however they mostly deal with situations where you have full access to IIS, which I do not.
However I do want to protect my service from unauthorized access, or from brute force attacks. I am not some big software company, so I may be overdoing it a little on security, as I don't expect a ton of people trying to hack this, however it does only take one person, not a ton.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|