Last post Oct 16, 2015 09:25 PM by GordMacDonald
Oct 16, 2015 03:36 PM|GordMacDonald|LINK
I am working with a company who has implemented web services (over the internet) which are intended to be accessed by a very restricted number of people - all of whom have a well defined role in relation to the company. The developer of the web services
is of the opinion that it is no big deal that the WSDL file is accessible to anyone who might happen upon it. His position is that the services themselves are protected therefore it is no big deal that anyone can download and view the WSDL file. I am of the
opinion that the WSDL should be protected form potential prying eyes - the less people who have no business about the web services the better.
I would welcome opinions on this issue.
If access to the WSDL file should be restricted, what would be the best practice for doing so?
Oct 16, 2015 06:00 PM|mgebhard|LINK
It's my experience sensitive URLs are restricted by firewall settings and really have nothing to do with code development.
There are many way to secure a WSDL. How you go about it depends on the project. I've built business service APIs where I physically hand over a dll, basic configuration instructions and cert. Others the network guys setup the security.
Oct 16, 2015 09:25 PM|GordMacDonald|LINK