OWASP's "Security Analysis of Core J2EE Design Patterns" says I should
turn off the serving of WSDL files:
http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE_Design_Patterns_Project/EISTier#tab=Web_Service_Broker
> Publishing WSDL Files
> Web Services Description Language (WSDL) files provide details on how
> to access web services and are very useful to attackers. Many SOAP
> frameworks publish the WSDL by default (e.g. http://url/path?WSDL). Turn
> this feature off.
My application was originally created with AppFuse 1.9.x, and still uses
XFire for web services. I've aborted the update process to CXF on more
than one occasion (for reasons I don't currently recall), and I don't
seem to be able to locate any documentation describing how to turn this
off...has anyone here already done this? If so, pointers would be
appreciated...
-Dale
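
One framework-independent way to stop `?WSDL` requests from being answered, shown as an added example that is not part of the original message and is not XFire's own configuration switch: a servlet filter placed in front of the web-service servlet. The class name `WsdlBlockingFilter` is hypothetical, and the code assumes the WSDL is requested through a `wsdl` query parameter, as in the quoted `http://url/path?WSDL` form.

```java
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter (not part of XFire or AppFuse): hides ?wsdl responses. */
public class WsdlBlockingFilter implements Filter {

    public void init(FilterConfig config) { }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        String query = ((HttpServletRequest) req).getQueryString();
        if (asksForWsdl(query)) {
            // 404 rather than 403, so the reply does not confirm a description exists.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        chain.doFilter(req, res);
    }

    /** True when any query parameter name is "wsdl", in any case or URL-encoding. */
    static boolean asksForWsdl(String query) {
        if (query == null) return false;
        String[] pairs = query.split("&");
        for (int i = 0; i < pairs.length; i++) {
            int eq = pairs[i].indexOf('=');
            String name = eq < 0 ? pairs[i] : pairs[i].substring(0, eq);
            if ("wsdl".equalsIgnoreCase(decode(name).trim())) {
                return true;
            }
        }
        return false;
    }

    private static String decode(String raw) {
        try {
            return URLDecoder.decode(raw, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            return raw; // UTF-8 is always available; kept for the checked exception
        } catch (IllegalArgumentException e) {
            return raw; // malformed %-escape: compare the raw name instead
        }
    }
}
```

Register the filter in `web.xml` against the URL pattern your services are published under. It only hides the service description; access control on the services themselves is unchanged.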