i guess one would protect SOAP from DOS attacks using the same techniques as one would use to protect HTTP from such attacks, right?
and, regarding authentication/authorization of web services... look at the SAML (Security Assertion Markup Language) OASIS standard (www.oasis-open.org). On Tue, 28 Jan 2003 18:44:53 +0000, Nicolas Dinh wrote > <soap:address DIV <soap:binding DIV <soap:body DIV <soap:body DIV Hi, > > <soap:address DIV <soap:binding DIV <soap:body DIV <soap:body DIV > I'm still quite new to all of this. But from what I understand, one > of the main goals of using a Web Service Model is to essentially > make its interface universal and accessible to anyone. > > <soap:address DIV <soap:binding DIV <soap:body DIV <soap:body DIV > How does one protect one's Web Service from malicious attacks. One > that comes into mind and can be done quite easily is flooding a Web > Serice with SOAP calls. If the scope of the AXIS Web Service is per > request, then the Web Servicee object is instantiated every time a > SOAP call is made and can put quite a load or even crash the server > that is hosting the Web Service? > > <soap:address DIV <soap:binding DIV <soap:body DIV <soap:body DIV > Regards, > > <soap:address DIV <soap:binding DIV <soap:body DIV <soap:body DIV > Nicolas Dinh > > ----------------------------------------------------------------------- > Help STOP SPAM with the new MSN 8 and get 2 months FREE*
