I am looking at security issues with our web services
before we go to production.

Has anyone got any good tips, suggestions or references on how to
prevent cross-site scripting through web services, especially
web services with attachments?

What experiences have people had with MIME/DIME and
security risks?

I am looking at a filter chain to inspect the SOAP message for
malicious scripting and SQL text.

The thing that concerns me is that although we are using
basic authentication over ssh, and only open up our firewalls
to trusted clients, I cannot be sure that our clients' databases
have not been injected with scripting which then finds its way into
the web service SOAP contents and then into our database.

Am I being overly paranoid or are these valid
concerns?

Would the filters be something useful to contribute back
to the Axis project and have as a configurable item, that Axis
users could turn on and extend upon if they wish?

Matt

