We help IT Professionals succeed at work.

Web service security question

heyday2004
heyday2004 asked
on
186 Views
Last Modified: 2013-12-17
I am going to customize a third party software and I am going to add a Web services wrapper for its API and expose the methods via web services. The purpose is to use the software package's provided XML service API to do the same database operations to avoid direct connecting database.

With previous direct connecting the databse, the security issue is easy to resolve, because different user account have different permission levels and users can be granted access to the tables accordingly.

For the future xml web services wrapper, the problem is the provided XML service API has just one username/password to do all level of operations which might not be secure or appropriate. Is there any simple way to use the database user permissions to enhance the web service security? Any related suggestion/links/articles are really appreciated. Thanks a lot.
Comment
Watch Question

Top Expert 2007
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
but i am not allowed to using direct DB connection in this solution. The software has its own XML service API, and the requirement is to just use this API to build the service wrapper. (the API has every operation to operate on the data records). Thanks a lot!
Top Expert 2007

Commented:
heyday2004 - Does the third part app expose any other API that might allow you to validate different users?

Jim
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.