heyday2004
asked on
Web service security question
I am going to customize a third party software and I am going to add a Web services wrapper for its API and expose the methods via web services. The purpose is to use the software package's provided XML service API to do the same database operations to avoid direct connecting database.
With previous direct connecting the databse, the security issue is easy to resolve, because different user account have different permission levels and users can be granted access to the tables accordingly.
For the future xml web services wrapper, the problem is the provided XML service API has just one username/password to do all level of operations which might not be secure or appropriate. Is there any simple way to use the database user permissions to enhance the web service security? Any related suggestion/links/articles are really appreciated. Thanks a lot.
With previous direct connecting the databse, the security issue is easy to resolve, because different user account have different permission levels and users can be granted access to the tables accordingly.
For the future xml web services wrapper, the problem is the provided XML service API has just one username/password to do all level of operations which might not be secure or appropriate. Is there any simple way to use the database user permissions to enhance the web service security? Any related suggestion/links/articles are really appreciated. Thanks a lot.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
heyday2004 - Does the third part app expose any other API that might allow you to validate different users?
Jim
Jim
ASKER