How secure are the default web services?

Just curious how secure the default web services configuration is.
Would mod_security need to be installed?
The server would only host 2 sites but I am concerned about basic security.

Your question is too vague to be answerable.
Any web server security depends largely on what you're doing.
If you're just serving static pages then it's pretty secure - there isn't much anyone can do to compromise your server.
If you're running any kind of dynamic content then your security depends on a) the server-side engine you use (e.g. PHP, Java, Ruby, etc.) and b) the competency of whoever's writing your code.
If you're using any kind of database-driven content then your security also depends on your database engine, and your ability to secure your database.
The upshot is that the software as delivered is only as good as how you configure and run it. mod_security (if you take the time to configure it) offers some protection, but it doesn't beat taking the time to code your application correctly.

Similar Messages

  • How to use the default database service name on creating procedure for data

    How to use the default database service name when creating a procedure for Data Guard client failover? All Oracle docs say to create a new service as below and enable it at DB startup, but our client is using/wants the database default service to connect from the application in the Data Guard environment (RAC to non-RAC setup). Please help.
    Db name is = prod.
    exec DBMS_SERVICE.CREATE_SERVICE (service_name => 'prod',network_name =>'prod',failover_method => 'BASIC',failover_type => 'SELECT',failover_retries => 180,failover_delay => 1);
    says already the service available.
    CREATE OR REPLACE TRIGGER manage_dgservice after startup on database
    DECLARE
      role VARCHAR(30);
    BEGIN
      SELECT DATABASE_ROLE INTO role FROM V$DATABASE;
      IF role = 'NO' THEN
        DBMS_SERVICE.START_SERVICE('prod');
      END IF;
    END;
    says trigger created, but during a switchover the service is still listening on the listener.
    tns entry.
    prod =
    (DESCRIPTION =
    (ADDRESS_LIST =
    (LOAD_BALANCE = YES)
    (ADDRESS = (PROTOCOL = TCP)(HOST = prod1)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCP)(HOST = prod2)(PORT = 1521)) ---> primary db entry
    (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCP)(HOST = proddr)(PORT = 1521)) --> DR DB entry
    (CONNECT_DATA =
    (SERVICE_NAME = prod)
    thanks in advance.
    Edited by: 854393 on Dec 29, 2012 11:52 AM

    Hello;
    So in the example below replace "ernie" with the alias you want the client to use.
    I can show you how I do it :
    First an entry needs to be added to the client tnsnames.ora that uses a SERVICE_NAME instead of a SID.
    ernie =
    (DESCRIPTION =
        (ADDRESS_LIST =
           (ADDRESS = (PROTOCOL = TCP)(HOST = Primary.host)(PORT = 1521))
           (ADDRESS = (PROTOCOL = TCP)(HOST = Standby.host)(PORT = 1521))
        )
        (CONNECT_DATA =
           (SERVICE_NAME = ernie)
        )
    )
    Next the service 'ernie' needs to be created manually on the primary database.
    BEGIN
       DBMS_SERVICE.CREATE_SERVICE('ernie','ernie');
    END;
    /
    After creating, the service needs to be manually started.
    BEGIN
       DBMS_SERVICE.START_SERVICE('ernie');
    END;
    /
    Several of the default parameters can now be set for 'ernie'.
    BEGIN
       DBMS_SERVICE.MODIFY_SERVICE
       ('ernie',
       FAILOVER_METHOD => 'BASIC',
       FAILOVER_TYPE => 'SELECT',
       FAILOVER_RETRIES => 200,
       FAILOVER_DELAY => 1);
    END;
    /
    Finally a database STARTUP trigger should be created to ensure that this service is only offered if the database is primary.
    CREATE TRIGGER CHECK_ERNIE_START AFTER STARTUP ON DATABASE
    DECLARE
    V_ROLE VARCHAR(30);
    BEGIN
    SELECT DATABASE_ROLE INTO V_ROLE FROM V$DATABASE;
    IF V_ROLE = 'PRIMARY' THEN
    DBMS_SERVICE.START_SERVICE('ernie');
    ELSE
    DBMS_SERVICE.STOP_SERVICE('ernie');
    END IF;
    END;
    /
    lsnrctl status - should show the new service.
    When I do this the Database will still register with the listener. I don't give that to the clients. That one will still be available but nobody knows about it. Meanwhile "ernie" moves with the database role.
    So in my example the default just hangs out in the background.
    Best Regards
    mseberg
    Edited by: mseberg on Dec 29, 2012 3:51 PM

  • How to consume the Abap web service in Java web-dynpro

    Hi Everyone,
    I want to consume an ABAP web service in Java Web Dynpro.
    So when I tried to create a model in Java Web Dynpro, it gave me an error message saying "Invalid WSDL or WSDL not found".
    I think this error message is because, to access the WSDL of the ABAP web service, we need a username and password, but the dialog box in Java Web Dynpro is not programmed to take a username and password from us and send them to the server to get the WSDL.
    I came to this conclusion because I was able to successfully test my ABAP web service in the Java portal. The Java portal asked me for the username and password to open the WSDL.
    So, please help me to consume the ABAP web service in Java Web Dynpro.
    Thanks in advance
    Regards
    Vikas

    Hi Vikas ,
    While creating a model in Web Dynpro, try to use the "import web service model" option, and if you are using a local server choose the local server option so that you can get the available web services which are on the server; select one among them and continue your process. I think this is the somewhat easy way.
    If you want to use the URL for the WSDL, it is better to first test the available service on the server, then copy that WSDL URL and paste it into the WSDL textbox.
    I think this is pretty helpful to you
    Best Regards
    Srikatnh

  • How to set the default web site for WGM users

    Hi,
    In Tiger server there was a place to input the URL of the default web page for all browsers when users logged into network home folders. This was really helpful and saved a bunch of bandwidth and class time. Is there any way to do this in Leopard server? If so, please point me in the right direction.
    Thanks,
    ..Tom

    Antonio, Thanks! That seems to have worked for Safari. However, we like Firefox too, and I tried to set that up the same way, but was told "can't find a manifest for that app". I wonder if I can copy the Safari list then alter and rename it?
    ...Tom

  • How to launch the default web browser from a java app on MAC

    I know, this topic has been brought up over, and over, however I couldn't find info regarding MAC environments. I don't have any former experience with MAC, but now I'm getting desperate for a solution. I need to be able to pop up the default browser showing a certain URL on MAC/OS. Any clue would be appreciated.
    thanks,
    m. berdan

    I wrote libraries that will do this:
    http://ostermiller.org/utils/Browser.html
    I also keep a list of other resources to help you out:
    http://dmoz.org/Bookmarks/D/deadsea/Java_Help/Web_Browser/
    Stephen

  • How to restore the default web configuration in Lion

    Hi guys, so I was messing around with apache/php/mysql, and after trying to enable openssl I think I made a mistake, because when I try to enable web sharing by checking off the checkbox under System Preferences it just turns back off right away. If I go to 127.0.0.1 it doesn't work, and neither does localhost. I could try going through the httpd.conf files to fix it if someone could help me with that, but I'd rather just try starting over, so I was wondering if there's a command to restore the web configuration back to factory settings. I know there's one for Lion Server, which is $ sudo serveradmin command web:command=restoreFactorySettings Is there anything similar I could do in Mac OS X Lion 10.7.4?
    Thanks

    No I haven't, could you explain how that works? I can try it, it's something like this right? http://support.apple.com/kb/HT5289

  • Details on how to use the RESTful Web Services SDK

    Hello,
    this sounds really interesting for an important use case we're currently developing. Unfortunately, I am not a skilled developer and would therefore need to know two more things:
    1) In the beginning, it says 'assumes that there are no parameter values that need to be set'. Is this a core restriction or just to keep things simple for this example? For our specific use case, we would need to at least transmit a report name and an execution date (which is not necessarily always equal to 'today')
    2) Can we have the PDF sent to a Netweaver App Server? Can the target location there be parameterized somehow?
    3) I understand that there's also the Open Doc interface that could achieve similar features. Could you please elaborate on the differences between the two approaches, maybe even pros and cons?
    Thanks
    Philipp

    Hi Philipp,
    1) This is just to keep things simple for the example
    2) You would need to first send the PDF to a file system, and then have a separate process to send it to the Netweaver App Server.  There isn't built-in integration to the Netweaver App Server.
    3) Stated simply:
    OpenDocument allows you to reference content via a single URL, best used for embedding content in your web page or application.   Pro:  Simplest Option  Con: Less power than REST API
    The REST API allows you to manipulate report objects in Web Intelligence and do things like set datasource and create report scheduling jobs.  Pro: More Power and Flexibility  Con: Requires knowledge of programming with REST APIs.
    Best Regards,
    Terry

  • How to configure the Java Web Services Environment

    My computer is not connected to a network or to internet.
    I want to perform below mentioned tasks locally(in my own computer).
    [1] Assume that I am the service provider and I want to publish
    the service in a Service Registry.     
    [2] Now assume that I am also acting as a Service Requestor and
    I want to find the available services from the Service Registry.
    [3] As a Service Requestor now I found the required service and
    I want to access that service from the Service Provider
    (Service Provider is also myself) .
    My questions are....
    [1] Is it possible to perform above all tasks in my local computer ?
    [2] If it is possible, what are the Configurations & Settings that have to be done ?

    You need to add to your CLASSPATH variable
    the javatv.jar location and to the PATH variable
    the javatv_fcs location(not the lib).
    You also need to install jmf and jaxp packages.
    Have fun.

  • How do we deploy several Web Services under the same Root Context?

    We have several webservices, each in their own WAR file, running on OC4J 10.1.3. They each have their own Root Context and Oracle Welcome Servlet. This works well, and since they are all separate we can easily hot-deploy updated versions.
    The drawback is separate URL's like :
    .../RootContext1/WebService1
    .../RootContext2/WebService2
    .../RootContext3/WebService3
    How do we assemble our Web Services to share a single Root Context? We are hoping to achieve URL's like this :
    .../WebServices/WebService1
    .../WebServices/WebService2
    .../WebServices/WebService3
    Do we have to bundle them all into the same WAR/EAR (and lose the power of individual deployment) or is there another way?
    Thanks in advance!

    If each one is a separate WAR file, then at the OC4J level each one will need a separate root context as it gets bound into the default-web-app.
    I guess the corollary question here is if there is some way to combine multiple webservice endpoints into one WAR file -- which can then be mapped to a single root context.
    I'll try and get someone more WS savvy than myself to take a look at this for you.
    And Clever Apache is a viable option.
    cheers
    -steve-

  • How to change the default operators in sap web ui Search screen?

    How to change the default operators in sap web ui Search screen?
    For eg. Using advance search option , I have some fields with default operators like equals, contains,is between, is less than and is greater than. I don't need all these operators for this field.
    I need only "equals" operator. How do i remove the rest of the operators?

    There is a view cluster crmvc_dq where all the standard settings related to your issue are present. Please try to modify that; that way you will avoid the code.
    In case you are not able to make any changes there, you have to redefine the method GET_DQUERY_DEFINITION () of the IMPL class to delete the operators for a particular search field.
    Regards,
    Harshit

  • How to deploy my own web services to the Start BPEL PM Server?

    Recently, I am learning the JDeveloper BPEL Designer (version 10.1.2.0). I had finished my first BPEL process CreditFlow following the quickstart guide.
    Now I wonder how to deploy my own web services to the Start BPEL PM Server? I mean I don't want to invoke the CreditRatingService as I did following the quickstart guide, but to invoke my own web services. Now I had made some web services with Eclipse and deployed them to Tomcat 5.0, but how can I invoke my own web services just like I invoked the CreditRatingService in the JDeveloper BPEL Designer?
    Thank you!

    Copy the WSDL file from your Tomcat server onto your development machine. Add them to your project in JDeveloper. Then add a partnerlink and specify the WSDL location. Then add your role, variables and compile!

  • How to update the Query of an existing WEBI document's dataprovider, through the RESTful Web service SDK.

    Hi,
    I am trying to update the Query of an existing WEBI document's dataprovider, through the RESTful Web service SDK.
    For this, first I will get the Dataprovider information,
    Example:
    URI: http://localhost:6405/biprws/raylight/v1/documents/11111/dataproviders/DP0
    Expected result:
    <dataprovider>
         <id>DP0</id>
         <name>Query 1</name>
         <dataSourceId>1234</dataSourceId>
         <updated>2014-04-18T11:55:21.000-08:00</updated>
         <duration>1</duration>
         <isPartial>false</isPartial>
         <rowCount>113</rowCount>
         <flowCount>11</flowCount>
         <dictionary>
              <expression qualification="Dimension" dataType="String">
                   <id>DP0.DO1</id>
                   <name>EmpID</name>
                   <description>Employee ID.</description>
                   <dataSourceObjectId>DS0.DO1</dataSourceObjectId>
              </expression>
              <expression qualification="Dimension" dataType="String">
                   <id>DP0.DO2</id>
                   <name>EmpName</name>
                   <description>Employee Name.</description>
                   <dataSourceObjectId>DS0.DO2</dataSourceObjectId>
              </expression>
         </dictionary>
         <query>SELECT Employee.EmpID, Employee.EmpName FROM Employee</query>
    </dataprovider>
    Then changing the above dataprovider's Query to something like below,
    <query>SELECT Employee.EmpID, Employee.EmpName FROM Employee where Upper(Employee.EmpName)='RAJ'</query>
    Please let me know the RESTful Call required to do this.
    Thanks in advance.
    Thanks,
    Mahendra.

    FYI, the output of this call returns something like:
    <?xml version="1.0" encoding="UTF-8"?> 
    <queryplan>
        <union>
            <fullOuterJoin>
                <statement index="1">SELECT 'FY' || to_char(SALES.invoice_date,'yy'), count( distinct SALES.inv_id) FROM SALES GROUP BY 'FY' || to_char(SALES.invoice_date,'yy')</statement>
                <statement index="2">SELECT 'FY' || to_char(SALES.invoice_date,'yy'), sum(INVOICE_LINE.nb_guests) FROM SALES, INVOICE_LINE, SERVICE_LINE, SERVICE WHERE ( SALES.INV_ID=INVOICE_LINE.INV_ID ) AND ( INVOICE_LINE.SERVICE_ID=SERVICE.SERVICE_ID ) AND ( SERVICE.SL_ID=SERVICE_LINE.SL_ID ) AND ( SERVICE_LINE.service_line = 'Accommodation' ) GROUP BY 'FY' || to_char(SALES.invoice_date,'yy')</statement>
            </fullOuterJoin>
            <fullOuterJoin>
                <statement index="3">SELECT 'FY' || to_char(SALES.invoice_date,'yy'), count( distinct SALES.inv_id) FROM SALES GROUP BY 'FY' || to_char(SALES.invoice_date,'yy')</statement>
                <statement index="4">SELECT 'FY' || to_char(SALES.invoice_date,'yy'), sum(INVOICE_LINE.days * INVOICE_LINE.nb_guests * SERVICE.price) FROM SALES, INVOICE_LINE, SERVICE WHERE ( SALES.INV_ID=INVOICE_LINE.INV_ID ) AND ( INVOICE_LINE.SERVICE_ID=SERVICE.SERVICE_ID ) GROUP BY 'FY' || to_char(SALES.invoice_date,'yy')</statement>
            </fullOuterJoin>
        </union>
    </queryplan>

  • How to change the default service port number to be checked for the IPS sig

    Dear
    I have an AIP-SSM (IPS) installed in an ASA firewall.
    I have configured an access-list in the firewall to forward the traffic coming from the internet toward the internal server to be checked by the IPS module.
    But the case is that the services that have to be checked are not on the default service port numbers.
    http port is 8081
    oracle port is 2006
    and many other services.
    The question now is how to change the default service port number in the IPS in order to be checked by the corresponding service signatures?
    Thanks

    You would set those as part of the signature variables.
    http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_signature_definitions.html#wp1040009

  • Problem in Accessing the Siebel Web Service

    Hi,
    I have a Siebel web service which needs to be called from a SAP Webdynpro application. The URL is something like this.
    http://xxx.yyy.com:80/eai_enu/start.swe?SWEExtSource=SecureWebService&SWEExtCmd=Execute
    I am using the Adaptive Webservice model, and without hardcoding this value I should be able to send the user name and password information to the webservice.
    How can I achieve that? I am getting the error that,
    returned http code 500 (Internal Server Error) with unacceptable content type (text/html;charset=UTF-8).
    <html><head><title>Message:</title></head>
    <body>The server you are trying to access is either busy or experiencing difficulties. Please close the Web browser, open a new browser window, and try logging in again.[12:02:58]
    The Siebel team asked us to send the user/password info through the SOAP header.
    Is there any way to set that username/password info in NWDS (Basically set the SOAP Header) and if it is OK only if we can set it in the Webservices security in the Visual Administrator.
    Appreciate your reply.
    Thanks and Regards,
    Sekar

    Sekar,
    I have the same problem.
    How did you change your web service as Anonymous?
    I have a user id and pwd, I tried by appending end of the service and tried with basic authentication by passing uid and pwd. No luck.
    Can you please help me how to change web service as anonymous?
    Regards,
    Sridhar

  • How to use the Default sharepoint credential (DefaultNetworkCredentials )in the C#.

    How to use the Default sharepoint credential (DefaultNetworkCredentials )in the C#.
    I am using the copy.asmx web service to upload and download the files from sharepoint Document library to .Net application,how to get the Default sharepoint credential from the .net application?

    Hello,
    You can use the line below to pass the default credential in code: (You can also pass domain, username, password as strings if you want)
    clientService.Credentials = System.Net.CredentialCache.DefaultCredentials;
    http://ktskumar.wordpress.com/2009/03/03/upload-document-from-local-machine-to-sharepoint-library/
    http://sharepoint.infoyen.com/2012/02/23/upload-file-in-document-library-with-metadata-inculding-lookup-field-using-sharepoint-web-service/
    Hope it could help
    Hemendra: Yesterday is just a memory, Tomorrow we may never see
    Please remember to mark the replies as answers if they help and unmark them if they provide no help
