Re: [flexcoders] denying GETs on .NET WSDL web service file...
On Thursday 12 Apr 2007, scott_flex wrote: > and part of the security, as I have done in the past, is deny any GETs > on the WSDL file so someone can't easily determine all the methods > exposed. I will be calling these services via SSL as well. They can determine that by watching the network traffic, can't they ? -- Tom Chiverton Helping to preemptively syndicate customized information on: http://thefalken.livejournal.com This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at St James's Court Brown Street Manchester M2 2JF. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by the Law Society. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 8008. For more information about Halliwells LLP visit www.halliwells.com. -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/flexcoders/join (Yahoo! ID required) <*> To change settings via email: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
[flexcoders] denying GETs on .NET WSDL web service file...
Has anyone, as part of their web service security, attempted to deny the verb get on their web services but still be able to call them in their actionscript code? Ionly only have one client (flex app) that will call my web services, and part of the security, as I have done in the past, is deny any GETs on the WSDL file so someone can't easily determine all the methods exposed. I will be calling these services via SSL as well. However, when i call the load WSDL file, it obviously fails since that operation is a GET. All method calls are POSTS, so they'll/should work. Is this a situation where I would use a Proxy... just define the web service interface in my flex app... or am i required to always expose the wsdl file to my flex app? Thanks for any help! Usuing .NET Web services as my backend.