You can protect the JSP page by doing password protection, etc. However, the rpcrouter Servlet knows how to deploy services too. You need to guard against this as well.
-----Original Message-----
From: Oleg [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 1:50 PM
To: [EMAIL PROTECTED]
Subject: RE: Security issue - deploy

Can you just place directory level password protection where the JSP page is sitting, so anyone who will try to access that page will have to enter username/password?

Sincerely,
Oleg

-----Original Message-----
From: Wilkins, Craig [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 6:43 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Security issue - deploy

I know of a couple of options..

Change the URL for the JSP page where you can deploy, etc.

Modify the code in rpcrouter so that it can't change the services.

Make the file that contains the deployed SOAP services read-only.

Put a proxy or firewall in front of your soap server that filters out any requests that aren't the SOAP calls that you are expecting.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 8:23 AM
To: [EMAIL PROTECTED]
Subject: Security issue - deploy

Hi all,

do you know any way to prevent "malicious" persons from deploying (undeploying) a service in my SOAP Server? I mean, is there anything integrated in SOAP to accept "deploy" ("undeploy") calls only from specific IPs or something? I wouldn't like my services being undeployed by anyone....

Thank you...
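
The last option in the thread, a proxy in front of the SOAP server that drops any request that is not an expected SOAP call, comes down to an allow-list check on the call element inside the SOAP Body. The sketch below is an added example, not code from the thread or from the SOAP server itself; the service URNs, method names and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace

# Constructed allow list of (service URN, method) pairs; replace with your own services.
ALLOWED_CALLS = {("urn:example-stockquote", "getQuote")}

def is_expected_call(body: bytes, allowed=ALLOWED_CALLS) -> bool:
    """Return True only for a well-formed SOAP RPC request on the allow list."""
    try:
        text = body.decode("utf-8")
    except UnicodeDecodeError:
        return False
    if "<!DOCTYPE" in text:  # SOAP messages never need a DTD; refuse entity tricks
        return False
    try:
        root = ET.fromstring(text)
    except (ET.ParseError, ValueError):
        return False
    if root.tag != f"{{{SOAP_ENV}}}Envelope":
        return False
    soap_body = root.find(f"{{{SOAP_ENV}}}Body")
    if soap_body is None or len(soap_body) != 1:
        return False  # exactly one call element expected
    tag = soap_body[0].tag
    if not isinstance(tag, str) or not tag.startswith("{"):
        return False  # call element must be namespace-qualified
    urn, _, method = tag[1:].partition("}")
    return (urn, method) in allowed

def _envelope(urn: str, method: str) -> bytes:
    """Build a constructed sample request for the demo below."""
    return (f'<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP_ENV}"><SOAP-ENV:Body>'
            f'<ns1:{method} xmlns:ns1="{urn}"/></SOAP-ENV:Body></SOAP-ENV:Envelope>').encode()

# Constructed samples: an expected call, and a management-style call (hypothetical URN).
SAMPLE_OK = _envelope("urn:example-stockquote", "getQuote")
SAMPLE_MGMT = _envelope("urn:example-service-management", "undeploy")

if __name__ == "__main__":
    for name, req in (("getQuote", SAMPLE_OK), ("undeploy", SAMPLE_MGMT)):
        print(name, "->", "forward" if is_expected_call(req) else "reject")
```

Because the check is default-deny, a deploy or undeploy request is rejected without the filter having to know how the server names its management service.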