more useful options | |
PerlMonks |
SOAP::Lite - securest authentication route...by cLive ;-) (Prior) |
on Apr 20, 2004 at 01:36 UTC ( [id://346503]=perlquestion: print w/replies, xml ) | Need Help?? |
cLive ;-) has asked for the wisdom of the Perl Monks concerning the following question:
Being paranoid, I'm working on locking down access to a SOAP server. So far, I've got:
So basically, only requests from the correct IP addresses with the correct authentication over HTTPS get through. But I'm wondering if that's enough :) The system needs to be flexible enough that it can easily be expanded, but security is definitely a priority over flexibility. The other method I thought of (dropping the Basic Authentication) was:
Or am I approaching this the wrong way? Searching on this I haven't found any advice over use HTTPS and basic auth... cLive ;-) Update: to avoid confusion here, all clients are servers we have control over. I'm leaning towards creating a local Certification Authority and SSL certificate authentication - This article looks promising. Thanks for thoughts so far :)
Back to
Seekers of Perl Wisdom
|
|