Re: Exposing Transport Headers to a Service

2008-02-13 Thread Dumindu Pallewela
Oh! Didn't see this before I clicked on send. So it was not so much a hassle after all :)

Regards,
Dumindu.

On Feb 13, 2008 2:06 PM, Senaka Fernando <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I have added this fix into the head. By default, the Transport Headers
> would not be exposed to a Service

Re: Exposing Transport Headers to a Service

2008-02-13 Thread Dumindu Pallewela
Hi Senaka,

> The decision should be made inside core_utils.c. I believe that it would
> be a great deal of hassle if we are to include it in the axis2.xml, and
> propagate it to there. Also, if it is configurable, it should be a service
> level configuration. Therefore, I believe it is better to have

Re: Exposing Transport Headers to a Service

2008-02-13 Thread Senaka Fernando
Hi all,

I have added this fix into the head. By default, the Transport Headers would not be exposed to a Service. Instead you will have to enable it in the axis2.xml. Refer to the axis2_manual on the svn head - the axis2.xml section. Or modify the "false" to "true"

Regards,
Senaka

> Hi Kaushalye,
>

Re: Exposing Transport Headers to a Service

2008-02-12 Thread Senaka Fernando
Hi Kaushalye,

I think you are correct. I'm currently investigating the way we could read a param from the axis2.xml inside core_utils.c.

Regards,
Senaka

> Senaka Fernando wrote:
>>> On Feb 12, 2008 5:29 PM, Kaushalye Kapuruge <[EMAIL PROTECTED]> wrote:
>>> Senaka Fernando wrote:
>

Re: Exposing Transport Headers to a Service

2008-02-12 Thread Kaushalye Kapuruge
Senaka Fernando wrote: On Feb 12, 2008 5:29 PM, Kaushalye Kapuruge <[EMAIL PROTECTED]> wrote: Senaka Fernando wrote: Hi again, Also adding to this discussion, we must be fair to REST users too, Kaushalye and that makes sense. :)... :) Yes. But still I do not accept expo

Re: Exposing Transport Headers to a Service

2008-02-12 Thread Senaka Fernando
> On Feb 12, 2008 5:29 PM, Kaushalye Kapuruge <[EMAIL PROTECTED]> wrote:
>>
>> Senaka Fernando wrote:
>> > Hi again,
>> >
>> > Also adding to this discussion, we must be fair to REST users too,
>> > Kaushalye and that makes sense. :)...
>> >
>> >
>> :) Yes. But still I do not accept exposing the pa

Re: Exposing Transport Headers to a Service

2008-02-12 Thread Kaushalye Kapuruge
Dumindu Pallewela wrote: On Feb 12, 2008 5:29 PM, Kaushalye Kapuruge <[EMAIL PROTECTED]> wrote: Senaka Fernando wrote: Hi again, Also adding to this discussion, we must be fair to REST users too, Kaushalye and that makes sense. :)... :) Yes. But still I do not accept exposing

Re: Exposing Transport Headers to a Service

2008-02-12 Thread Dumindu Pallewela
On Feb 12, 2008 5:29 PM, Kaushalye Kapuruge <[EMAIL PROTECTED]> wrote:
>
> Senaka Fernando wrote:
> > Hi again,
> >
> > Also adding to this discussion, we must be fair to REST users too,
> > Kaushalye and that makes sense. :)...
> >
> >
> :) Yes. But still I do not accept exposing the password even

RE: Exposing Transport Headers to a Service

2008-02-12 Thread Dave Meier
quire userid and password in the URI or query string, so the http basic auth is a way around that.

Thanks,
-Dave.

-Original Message-
From: Senaka Fernando [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 12, 2008 5:52 AM
To: Apache AXIS C Developers List
Subject: Re: Exposing Transport He

Re: Exposing Transport Headers to a Service

2008-02-12 Thread Senaka Fernando
Hi Kaushalye,

Even the Basic Authentication scheme works with a Challenge response mechanism. And, therefore, if the client is sending authentication information without verifying whether it is required, would be considered as intentional. And, in such a situation, if the service managed to malici

Re: Exposing Transport Headers to a Service

2008-02-12 Thread Kaushalye Kapuruge
Senaka Fernando wrote:
> Hi again,
>
> Also adding to this discussion, we must be fair to REST users too,
> Kaushalye and that makes sense. :)...

:) Yes. But still I do not accept exposing the password even for REST users. I mean this is transport level authentication. The call comes to the servic

Re: Exposing Transport Headers to a Service

2008-02-12 Thread Senaka Fernando
Hi again,

Also adding to this discussion, we must be fair to REST users too, Kaushalye and that makes sense. :)...

Therefore, if you have a SOAP-only service you are advised to use the SOAP Header. But, if you use REST, you may read the HTTP headers.

Regards,
Senaka

> Hi Kaushalye,
>
> Yes I be

Re: Exposing Transport Headers to a Service

2008-02-12 Thread Senaka Fernando
Hi Kaushalye,

Yes I believe what you say is true. It is a violation of concern. However, what if someone needs the header itself? We can do that. However, as you say, it is not advised to use this approach. But, we can always have it. Maybe this could go into a #ifdef block, so that it can be dis

Re: Exposing Transport Headers to a Service

2008-02-12 Thread Kaushalye Kapuruge
Hi Senaka,

The basic authentication is always recommended to use with a cryptographically secured connection. If not, it's not a difficult task to crack the username and password pair, which is in the form of base64 encoded text. So if the client/server must agree upon the kind of transport t

Exposing Transport Headers to a Service

2008-02-12 Thread Senaka Fernando
Hi all,

Based on Dave's request, I have added the ability for a service to observe incoming Transport Headers. I think this is a valid requirement of a Service Author. Also, this creates some concern about security of a client-request. However, I believe that we can answer these issues in this ma