comment on

As the context is a web game there is probably money involved. It really depends on how far you want to push it. I advice you to first write down your security objectives i.e. wat are your requirements? You probably need more than establishing who sent the message. (If authentication is the only thing you need you can for example do this with SOAP Headers.) Next you do some threat analysis, e.g. what threats are relevant for you? Then you can start thinking about implementation. If your users perceive the system as unsafe your game will probably be short-lived.

With SOAs being all the rage, and WSs often being part of that, a lot of effort was put into security. I recommend scanning through the book "Improving Web Services Security" although this is MS based it gives a lot of useful information, e.g. architectures, security patterns etc.

Cheers

Harry

In reply to Re: A question about web service security by dHarry
in thread A question about web service security by Anonymous Monk

Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
Want more info? How to link or How to display code and escape characters are good places to start.


Welcome to the Monastery
	PerlMonks