Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Tommy Messbauer 16 posts 36 karma points
    Feb 02, 2010 @ 18:24
    Tommy Messbauer
    0

    web services security

    So I am looking at the web services in umbraco and I notice that the service takes the username and password of a user to authenticate.  They are sent in plain text.  This seems like a huge security hole as any application that leverages the services could sniff the password of an account that has create/edit permissions. Once they have that, then the entire site could be compromised.

    I need access to secure services..  Do I need to modify the services project in the core?  Am I missing something? 

  • Morten Bock 1867 posts 2140 karma points MVP 2x admin c-trib
    Feb 02, 2010 @ 18:46
    Morten Bock
    0

    Not quite following the scenario where someone would be able to sniff your passwords. Do you mean installed packages, or hiw would the traffic get sniffed?

    I guess one solution is to use https when calling the webservices, which would make the connection secure?

  • Tommy Messbauer 16 posts 36 karma points
    Feb 02, 2010 @ 19:54
    Tommy Messbauer
    0

    We have silverlight controls that previously spoke to another provider.  We have decided to proxy the existing web services instead of import the API into WCF.  I dont want to introduce https to this domain..  I have some work to do.. bleh.

    So the take away is that people should not use the web services in production without enabling https.. Dont love it, but I have enough to find a way around this for now.  Thanks.

  • kunta 10 posts 30 karma points
    Apr 05, 2012 @ 01:15
    kunta
    0

    Does umbraco support WCF Restful web services. basically this requires adding code to the global.asax file. something like this:

    public class Global : System.Web.HttpApplication
    {
        protected void Application_Start(object sender, EventArgs e)
        {
            RouteTable.Routes.Add(new ServiceRoute("", new WebServiceHostFactory(), typeof(Myclass)));
        }
    }
  • kunta 10 posts 30 karma points
    Apr 05, 2012 @ 18:20
    kunta
    0

    can anyone answere this? i think i read somewhere that "Global" isn't accessible since Umbraco initializes this class.

  • kunta 10 posts 30 karma points
    Apr 09, 2012 @ 19:23
    kunta
    0

    Bump again. can anyone answere this? i think i read somewhere that "Global" isn't accessible since Umbraco initializes this class.

Please Sign in or register to post replies

Write your reply to:

Draft