How to secure web services created by ActionWebService?


#1

Hi,

Does anyone know how I can go about securing web services created from
ActionWebService? The manual from rubyonrails.org
(http://manuals.rubyonrails.com/read/book/10) doesn’t say anything at
all on this … or do I have to implement my own access control?


Sau S.

http://www.saush.com
http://read.saush.com
http://jaccal.sourceforge.net


#2

Hi,

Chang Sau S. wrote:



Rails mailing list
removed_email_address@domain.invalid
http://lists.rubyonrails.org/mailman/listinfo/rails

you can either use SSL to encrypt the data or a library like WSS4R
(www.rubyforge.org/projects/wss4r) that implements web service security
mechanisms like signature and encryption as defined by the Oasis
Consortium. WSS4R is tested with other WS-Security packages like WSE
from MS (for .NET) or JWSDP from Sun (for Java).

Regards,
Roland


#3

Thks! I’ll take a look at the WSS4R library.

Roland S. wrote:

(www.rubyforge.org/projects/wss4r) that implements web service
security mechanisms like signature and encryption as defined by the
Oasis Consortium. WSS4R is tested with other WS-Security packages like
WSE from MS (for .NET) or JWSDP from Sun (for Java).

Regards,
Roland


Sau S.

http://www.saush.com
http://read.saush.com
http://jaccal.sourceforge.net