security

Securing a service using WS-Security

<p>We have an existing Web-Service accessible to everyone who knows the address of the endpoint. The software used on the server:</p><ul><li>Java 6</li><li>Apache CXF 2.2.3</li><li>SOAP Webservice</li></ul><p>Because of massive abuse in the past the access should be limited to authorized people only. The login credentials are stored in a database and should be checked with every request made on the service. The login data should be transmitted in the SOAP-Envelope header and an interceptor should&nbsp; verify the data before the actual invocation of a webservice method. The solution should be based on an open standard which is well defined.</p>

Providing contact to website users

How to provide the possiblity to contact a certain entity is difficult for many companies and organizations. Especially for small NGOs, it is not possible to have a big mailing infrastructure and to maintain server-side spam filtering. Therefore, email addresses should not be published as plaintext. Nevertheless, the website of the NGO should somehow offer the possibility to contact the NGO. It is important that the technology used is widespread and cheap, since NGOs do not have a large amount of money to spend on specialized technology. If possible, open source software should be used. As the existing infrastructure (apache server, msql server) is offered for free, it should be used to solve this problem. The only important thing is that spamming should not be possible and the tool should guarantee that a human being is trying to make contact, not an (evil) software program.

Connecting an Authentication Server to a Drupal Content Management System

For my Ph.D. thesis I need a community portal, which supports students to share their experience about internet technologies. It turned out, that the content management system Drupal is a perfect fit to fullfill the given requirements. As usual for a content management system, Drupal also has its own user management function. This means, that students have to register before they may produce content on the portal. Although TechScreen is a software system on a prototype level, it is yet hosted on a server inside the TU computer network. Therefore it is expected to provide a login procedure, which makes use of the students TU credentials. So the big question is, how to connect the TechScreen system to the TU authentication server.

Pages

Subscribe to security