PerlMonks
I would have thought it better to encode your username and password inside the SOAP body and encrypt them using some form of key known to client and server. Naturally you would then have to MIME encode it, but that's what CDATA sections are for.
Of course this only becomes as strong as your key management, but you are at least not passing your credentials in plain text. You could then, should you wish, run this over SSL, which is traditionally port 443 (IIRC).

On a different tack, I do think you should re-phrase the comment: HTTP is a protocol, not a port. SOAP uses HTTP but can be transmitted over any port (hence why we have servers on 8080, 8800 etc. as alternate standards). I think that is what you meant, but (to my eyes) that isn't what you said.

HTH

In reply to Re: Securing your SOAP Application by simon.proctor
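
The scheme suggested in the post above, sketched as an added example that is not part of the original post: credentials are sealed with a pre-shared key and carried base64-encoded in the SOAP body. It assumes the CryptX distribution (Crypt::AuthEnc::GCM, Crypt::PRNG) is installed; the element name `Credentials`, the action URNs, the sub names and the all-zero key are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::AuthEnc::GCM qw(gcm_encrypt_authenticate gcm_decrypt_verify);
use Crypt::PRNG qw(random_bytes);
use MIME::Base64 qw(encode_base64 decode_base64);

# Constructed demo key (32 bytes => AES-256). A real key comes from whatever
# key management client and server share, never from source code.
my $KEY = pack 'H*', '00' x 32;

# Client side: seal "user\0password" and return a SOAP body fragment.
# $action is authenticated (not encrypted), which binds the blob to one call.
sub seal_credentials {
    my ($user, $pass, $action) = @_;
    my $nonce = random_bytes(12);    # must be fresh for every message under one key
    my ($ct, $tag) = gcm_encrypt_authenticate(
        'AES', $KEY, $nonce, $action, "$user\0$pass");
    # Base64 output is plain ASCII with no '<' or '&', so it is safe as element text.
    my $blob = encode_base64($nonce . $tag . $ct, '');
    return "<soap:Body><Credentials>$blob</Credentials></soap:Body>";
}

# Server side: returns (user, password), or nothing if the blob is missing,
# truncated, modified, sealed under another key, or bound to another action.
sub open_credentials {
    my ($xml, $action) = @_;
    # A regex keeps the demo short; a real service would use its XML parser.
    my ($blob) = $xml =~ m{<Credentials>([A-Za-z0-9+/=]+)</Credentials>}
        or return;
    my $raw = decode_base64($blob);
    return if length($raw) < 28;     # 12-byte nonce + 16-byte tag
    my ($nonce, $tag, $ct) = unpack 'a12 a16 a*', $raw;
    my $plain = gcm_decrypt_verify('AES', $KEY, $nonce, $action, $ct, $tag);
    return unless defined $plain;    # undef means authentication failed
    return split /\0/, $plain, 2;
}

# Constructed sample values.
my $body = seal_credentials('alice', 's3cret', 'urn:example:GetQuote');
my ($user, $pass) = open_credentials($body, 'urn:example:GetQuote');
print "accepted: $user\n" if defined $user;
print "rejected: blob bound to a different action\n"
    unless open_credentials($body, 'urn:example:Transfer');
```

A captured body would still be accepted if it were resent unchanged, so the server also needs a freshness check (for example a timestamp inside the sealed data) or the SSL transport the post mentions.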