Link to home
Start Free TrialLog in
Avatar of heyday2004
heyday2004

asked on

Web service security question

I am going to customize a third party software and I am going to add a Web services wrapper for its API and expose the methods via web services. The purpose is to use the software package's provided XML service API to do the same database operations to avoid direct connecting database.

With previous direct connecting the databse, the security issue is easy to resolve, because different user account have different permission levels and users can be granted access to the tables accordingly.

For the future xml web services wrapper, the problem is the provided XML service API has just one username/password to do all level of operations which might not be secure or appropriate. Is there any simple way to use the database user permissions to enhance the web service security? Any related suggestion/links/articles are really appreciated. Thanks a lot.
ASKER CERTIFIED SOLUTION
Avatar of JimBrandley
JimBrandley
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of heyday2004
heyday2004

ASKER

but i am not allowed to using direct DB connection in this solution. The software has its own XML service API, and the requirement is to just use this API to build the service wrapper. (the API has every operation to operate on the data records). Thanks a lot!
heyday2004 - Does the third part app expose any other API that might allow you to validate different users?

Jim