Ask the experts: about webservice security issues camouflage and unauthorized access

Category: Java EE
 
xzqq1492xzqq
2008-10-26 06:26:53

Sponsored Links
webservice services available online later, provides a number of services available to other users or system calls, but there are a question to ask of you:
1. Some methods such as the service name query documents based on user numbers or to obtain additional information;
2. As webservice service characteristics, we only provide services and interfaces, specific calls executed by each service requester
3. This presents a case, the caller's identity may be landed with A, but B's identity to call Shique pass because the client calls the client maintain their own, independent of the service provider;
4. Even I know the interface, I can pass a different user name to invoke remote methods, causing safety problems
I would like to ask you to master, this situation did not realize solutions using relatively simple.
Thank

Sponsored Links

shixinsheng2009
2008-10-26 06:40:07
method1 (String uid, String pwd) {
/ / uid and pwd under the authority to determine whether there
/ / if none
/ / perform the following procedures have
....
}
feng8000
2008-10-26 06:45:22
verify the authorization of each operator can
wds072
2008-10-26 06:59:30
actually implement methods and WEB development is no different. First, use the axis landed successfully saved to AXIS removed after permission of the Session, and then each method in a sentence verification statement in respect OK
Domain and server ip had changed since 8/23/2013. Suspend the user registration and posts for program maintenance.