Best Practice/Standard for Securing and Attaching Files in a Web Service
Thanks in advance.
Being new to Web Services as well as most of my team. I would like to know what is the best practice for transporting files via a Web Service. I know of several methods and one that seems to be the standard, but you can't really tell in this ever changing world of Web Services. Below are the options that I have found.
1. MIME encoded the file and embed in the payload of the SOAP message
2. SwA (SOAP with Attachments) which applies MIME attachments to SOAP. I think this is similiar to the way emails are handled.
3. DIME (Direct Internet Message Encapsulation) similiar to MIME encoding but is more efficient
4. MTOM (Message Transmission Optimization Mechanism) I really not understand this method, but it seems that this is the NEW standard. I just don't understand why.
5. Utilize HTTPS and download the file from an accessible file server w/ a login id and password.
Is there someone out there that understands this problem and can assist me in understanding the pros and cons of these methods? Or maybe there is a method that I'm overlooking altogether.
Thanks
JWSDP supports securing of attachments [1]and will soon support securing MTOM attachments too. [1]http://java.sun.com/webservices/docs/2.0/xws-security/ReleaseNotes.html
Similar Messages
-
MMO best practice. Download music and heavy files to users hard disk?
MMO best practice. Download music and heavy files to users hard disk?
I have just downloaded a Hello Kitty MMO app for research (for my kid of course).
I am developping my English teaching app with LOADS of classical music, mp3 sentences and heavy background bgs. Would the best idea be for client to download these to their hardisk ie I would not need to stream them and therefore save a fortune on bandwidth charges from my ISP???
CheersI see what you mean ie: they have to get the file to their computer one way or another BUT
a. If they are going to repeatedly use that file ie: a custom cursor or classical piece of music every week when they log on then it would be better for them to have it on their hardisk wouldn't it? If not, they would have to download it every time they log on. I take it that's why the hello kitty site makes you download 130 megas so you have everything on your hardisk, ie: you will be reusing all those assets MANY times in the future. The experience wil be very FAST as you have it on your local disk and needn't have to wait for streaming. -
Best Practice paper for Security
Does anyone have or know of a Best Practice Paper for Security?
Thanks,
Melissahttp://www.petefinnigan.com is another excellent security resource-- he has a couple of different checklists.
Justin
Distributed Database Consulting, Inc.
http://www.ddbcinc.com/askDDBC -
Any Oracle best practice/standards for inter-DataCente links for Oracle RAC
Hello Oracle Experts,
Am working for a customer to set up Oracle RAC architecture hosting SAP/Non-SAP applications per SLA levels(MC/BC/Standard) specs. Currently my network team needs calculation to arrive at whether we will go for a (1), (2) or (3) 10Gig links for inter DC (Data-Center) for Oracle RAC.. below is additional background:
• Porting all client SAP/Non-SAP Oracle databases to new 2 data-centers.
• There will be 10 blades (4x BL680s and 6x BL460s) in each DC (can scale-up/out later on).
• Clusters architecture to support Extended/Stretched RAC cluster feature
• Clusters 2-node each(1-datacenter1, 1-datacenter2) and nodes distributed across 2 x c7000 such that no cluster has more than one node in an enclosure.
• Each node will have - 4 NIC ports ( 2 x public and 2 x private) , 2 dual-port HBA
• Oracle ASM/ACFS (ASM Cluster File System), Voting Disk, OCR and Database files
• the versions are Oracle 11g RAC, Oracle 10g RAC and Oracle 9i (for DataGuard/Standby) on RHEL 6 on Proliant Blades (x86) + BladeMatrix
My network colleagues considering using DWDM across the 2 DCs(given the lesser cost?). Am still looking around if there are any Oracle/industry-best practices around this and having a calculation to support that..
Many Thanks in advance..
Regards,
AbhijitHi ,
There are no specific set of steps / practices for batch loading contents to ucm . It would be very much dependent on how many contents does the user have to load to UCM and how well the server is configured in terms of performance .
You can get more details from the following documentation link : http://docs.oracle.com/cd/E21043_01/doc.1111/e10792/c02_settings009.htm
Thanks,
Srinath -
SJSAS 8.2 secure and unsecure methods in one web service with ws-security
Hi
I'm trying to deploy a web-service (using SJSAS 8.2) using JAXRPC using message security (at the application level).
I have one simple question:
I have an EJB that exposes 2 methods as web-services, I specified in the sun-ejb-jar.xml that one of those methods is secure (and said nothing about the other) however when i run my test client I get a "WSS0202: No wsse:Security element in the message" error for both calls (instead of only for the secure call).
Is this normal? Isn't it possible to have a normal (with no security headers) call to one method and another (with security headers and secure envelope) to another in the same webservice (from the same EJB)?.I wasn't clear?
This is a big dev problem for a major Sun client.
No one knows or wants to answer? -
How to pass username and password while invoking a web service through wsdl
Hello All,
i am calling a web service through wsdl, but it is giving error 401. i want to know how to pass userid and password when i am invoking webservice?
i am using NetBeans 6.1.
i did following thing:
First i created one web application, then i right clicked on project new->web service client, and gave the url for my wsdl.
after that i create one main class and try to call my required operation by that wsdl.
Thanks in advanceThanks dumchikov, i tried the same thing what ever you told but there is no option for security.
when i right clicked on web service reference its open 1 window which have 2 tab one is quality of service and second is wsdl customization, then i clicked on wsdl customization. which contain Global Customization, Port Types, Port Type Operations, Port Type Faults, Binding, Binding Operations, Services, Ports and External Binding Files. it don't have security option. -
Best practice standard User Acess Test for WIN2012 AD
What is the Best practice standard User Acess Test for WIN2012 AD
Hello,
as before, add a computer to the domain and log on with a domain user account to the computer.
You should be able from the client machine to open the sharedfolders on the DCseither with:
\\DCName\sysvol
\\DCName\netlogonor \\NetBiosDomainName\sysvol
\\NetBiosDomainName\netlogon
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter: -
Best practice guide for Batch Load utility in Oracle UCM.
Hi,
Is there any best practice guide for Oracle UCM Batch Loader utility.
We are looking for information regarding batch size in terms of number and size of contents. Also is there any loading time standards considering the contents are uploaded in filesystem where filestore provider is configured?
Thanks,
KrishnenduHi ,
There are no specific set of steps / practices for batch loading contents to ucm . It would be very much dependent on how many contents does the user have to load to UCM and how well the server is configured in terms of performance .
You can get more details from the following documentation link : http://docs.oracle.com/cd/E21043_01/doc.1111/e10792/c02_settings009.htm
Thanks,
Srinath -
Best Practice Analyzer for Exchange 2013
Greetings,
I have upgraded the messaging infrastructure from Exchange 2007 to Exchange 2013.
I want to test the Health of the system through ExBPA for Exchange 2013.
But i don't find any setup for Exchange 2013 like it was in 2010.
I went through an article by Office365 community, according to which for In-premises Exchange also we need to have office 365 account (can use trial account also) to get the downloader file for ExBPA 2013.
http://community.office365.com/en-us/w/deploy/office-365-best-practices-analyzer-for-exchange-server-2013.aspx
But to run the setup the servers needs to be connected to internet.
And, i don't want to expose my environment to internet in any condition.
Somebody, please suggest me if there is any setup available so that i can install directly without exposing to internet.
Thanks in advance.
Best Regards,
K2Welcome to Exchange 2013.
Exchange Server 2013 doesn't come with ExBPA for health check. This might help
http://exchangeserverpro.com/powershell-script-health-check-report-exchange-2010/
Apart from that you can run these commands too
Get-ServerHealth -Identity Exchange2013ServerName
Test-ServiceHealth
Cheers,
Gulab Prasad
Technology Consultant
Blog:
http://www.exchangeranger.com Twitter:
LinkedIn:
Check out CodeTwo’s tools for Exchange admins
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose. -
Best Practice tips for publishing Captivate 8 project?
Does anyone have any Best Practice Tips for publishing Captivate 8 projects? Is HTML5/Flash the most universal?
We will begin testing/training before our LMS is functional.
We have no shared network capability or SharePoint type platform. Project is too large for e-mail even when zipped.
I am thinking that we will have to use thumb drive/CD along those lines.Hi There ,
Please refer to the below links :-
Adobe Captivate Help | Preview and publish Responsive projects
Adobe Captivate Help | Publish projects as HTML5 files
Adobe Captivate * Publishing Projects
Regards ,
Ajit -
Any best practice recommendations for controlling access to dashboards?
Everyone,
I understand that an Xcelsius dashboard compiled into a .swf file contains no means for providing access control to limit who can or how many times they can run the dashboard. Basically, if they have a copy of the .swf they can use it as much as they'd like. To protect access to sensitive data I'd like to be able to control who can access the dashboard and how many times or how long they can access it for.
From what I've read it seems the simplest way to do this is to embed the swf file into a web portal that requires a user to authenticate before accessing the file. I suppose I can then handle how long they can access it from the back end.
If I do this, is there anyway a user can do something like <right click - save as> on the flash file to save it on their local machine? Is there a best practice means for properly protecting the dashboard?
Any advice would be appreciated,
Jerry WinnerEveryone,
I understand that an Xcelsius dashboard compiled into a .swf file contains no means for providing access control to limit who can or how many times they can run the dashboard. Basically, if they have a copy of the .swf they can use it as much as they'd like. To protect access to sensitive data I'd like to be able to control who can access the dashboard and how many times or how long they can access it for.
From what I've read it seems the simplest way to do this is to embed the swf file into a web portal that requires a user to authenticate before accessing the file. I suppose I can then handle how long they can access it from the back end.
If I do this, is there anyway a user can do something like <right click - save as> on the flash file to save it on their local machine? Is there a best practice means for properly protecting the dashboard?
Any advice would be appreciated,
Jerry Winner -
Best practice architecture Wireless security
What is the best practice architecture for wireless to the wire network?
Use AP to Firewall and it to a router using RADIUS?
It apply to Control is a safety?
What models Cisco recomend (Hard and Soft?)
Is any place in Cisco that I can use to see Architecture recomendations that integrete Wireless, Radio (Microwave) and Voice over IP com-plete system?using one of the 802.1x types (i.e. LEAP, EAP-FAST, PEAP) with WPAv2 (AES encryption). Too bad that there are not many wireless adapters support AES.
All Cisco wireless product support AES in 12.3(2)JA recently.
Also, you may want to configure WDS for radio management. -
I canu00B4t get best practices documentation for COPA
Hello all:
Can anybody send me the best practices documentation for CO-PA (B86: CO-PA Baseline)? because I can´t get from this link
http://help.sap.com/bp_biv133/index.htm
You can send to these e-mail
[email protected]
[email protected]
Thanks a lot in advanced.hi Victor,
sorry, material distribution via email isn't allowed here. not sure why you cannot download, here i can right click that link and 'save as target'.
for pdf try following
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/fb07ab90-0201-0010-c489-d527d39cc0c6
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/ff61152b-0301-0010-849f-839fec3771f3
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1910ab90-0201-0010-eea3-c4ac84080806
hope this helps. -
Where does one find the Oracle Best Practice/recommendations for how to DR
What is the Oracle Best Practice for install/deployment and configuration of ODI 11g for Disaster Recovery?
We have a project that is using Oracle ODI 11g (11.1.1.5).
We have configured all the other Oracle FMW components as per the Oracle DR EDG guides. Basically using the Host ip name/aliasing concept to ‘trick’ the secondary site into thinking
it is primary and continue working with minimal (or no) manual reconfiguration. But will this work for ODI? The FMW DR guide has sections for SOA, WebCenter and IdM, but nothing for ODI.
Since ODI stores so much configuration information in the Master Repository..when this DB gets ‘data guarded’ to the secondary site and promoted to Primary…ODI will still think it is at the ‘other’ site. Will this break the actual agents running the scenarios?
Where does one find the Oracle Best Practice/recommendations for how to DR ODI properly?
We are looking for a solution that will allow a graceful switchover/failover with minimal manual re-configuration.user8804554 wrote:
Hi all,
I m currently testing external components with Windows Server and I want to test Oracle 11g R2.
The only resource I have is this website and the only binaries seem to be for Linux OS.You have one other HUGE resource that, while it won't answer your current question, you'd better start getting familiar with if you are going to use Oracle. That is the complete and official documentation, found at tahiti.oracle.com
>
Does anybody know how I can upgrade my Oracle 11.1.0.7 version to the R2 release?
Thanks,
Bertrand -
Best Practice guide for purchasing - payment card processing
Hello All,
\Is there any Best Practice guide for Payments by credit card/ Payment card Processing.
The biz process is:
The purchasing department users purchase goods/services using their corporate credit cards. They obtain a credit card voucher/receipt for the purchase made. The credit card co. turns in the credit card statements/files once in a month the Accounts Payable matches the receipts with the statements/files & makes the payments.
Will reward points.
Thanks & Regards,
ArpitaHi Arpita,
You might want to check this link
http://web.mit.edu/sapr3/docs/webdocs/purchpay/ppCC.html
http://www.bitpipe.com/tlist/Payment-Processing.html
http://whitepapers.sapinsideronline.com/view.cfm?session=&white_paper=4
Thanks,
Jenny
award points if helpful
Maybe you are looking for
-
Is it okay to clean your iPod Touch with just a washcloth and clean water?
I was just wondering if cleaning my iPod Touch with just water and a washcloth would be alright. Is there something better to use thats free?
-
Using opmn to start/stop hub repo and adapters
Also posted as a thread on the OracleAS General forum, I'm hoping the duplication will cover both areas of expertise. Apologies if I offend. "Configuring custom process with OracleAS 10g Release 2 (10.1.2) " A Metalink note kindly informed me that I
-
How to download fresh app from icloud
Hi, I have some question. I would like to download an app which I have ever downloaded it (so app store force me to download from iCloud service) However, previous saved data also being downloaded together with the app. How can I download the app wit
-
Hi, What are the DB tables in which OEM is saving scheduled jobs that one can add inside the OEM web interface? I have more than 100 jobs scheduled inside OEM and I want to get a report with job name, what that job is doing, etc. The kind of info tha
-
Cannot apply 10.5.1 update to Macbook Pro
I reinstalled Leopard from the DVD with my Macbook pro, using Archive and install option. Now, Leopard won't upgrade to 10.5.1 and remains suck on the first step at 'Configuring Installation' without any progress. It had successfully installed previo