Category Archives: security

Security Considerations in Firefox When Accessing Different Domains

If you are a web developer you may have experienced that there are many situations that you need to access remote domains for data sources. For an example if you are building a weather mashup, you may like to connect … Continue reading

Posted in firefox, javascript, security | Tagged , , , , | 1 Comment

Sending Encrypted Binary Messages With PHP Web Services

Web services has made the communication between heterogeneous environments (say PHP with .NET  or Java) a reality. It has defines standards for communicate not only with texts but also with binaries. And more importantly you can keep these communication confidential … Continue reading

Posted in php, security, SOA, Tutorial/Guide, web services, wsf/php, wso2 | Tagged , , , , , , , | 2 Comments

WS-SecurityPolicy With PHP

WS-SecurityPolicy specification defines standards for defining security policies for your web service. WSF/PHP allows you to declare your security policies according to these standards. You can take one of following approaches to associate policies to your web service or client. … Continue reading

Posted in DataServices, php, REST, security, Tutorial/Guide, web services, WSDL, wsf/php, wso2, xml, xml schema | Tagged , , , , , , | 14 Comments

Signing SOAP Headers In PHP Web Services

Non-Repudiation and Integrity are two main security issues addressed by signing a message. If you are writing a web service or a service consumer in PHP you can use the WSF/PHP toolkit to sign messages. Here is how you can … Continue reading

Posted in php, security, Tutorial/Guide, wsf/php, wso2 | Tagged , , , , , , , | Leave a comment

Detect Replay Attacks In to Your PHP Web Service

Replay attack is a common kind of attack, the hackers are using to break the security of a web service. If you can intercept one soap message while it is transferring through the wire, you can replay that message to … Continue reading

Posted in php, security, Tutorial/Guide, web services, wsf/php, wso2 | Tagged , , , , , , | 2 Comments

WSF/PHP Samples Explained

Here is a simple categorization of the WSF/PHP samples. You can access all the wsf/php samples from http://labs.wso2.org/wsf/php/solutions/samples/index.html. Sample Category Example Client Source Code Example Service Source Code Online Demo Beginners echo_client.php echo_service.php Demo REST echo_client_rest.php echo_service_with_rest.php Demo WSDL Mode … Continue reading

Posted in DataServices, php, REST, security, Tutorial/Guide, web services, WSDL, wsf/php, wso2 | Tagged , , , , , , , , , , , | Leave a comment

Demo on Providing PHP Web Service with Username Token

WSF/PHP Demo Site contains number of applications that demonstrate the different features of WSO2 WSF/PHP in practice. Calendar Service is one of such application. It demonstrate the use of WSDL Mode for a service with different policies for different operations … Continue reading

Posted in security, web services, WSDL, wsf/php, wso2 | Tagged , , , , , | Leave a comment

Test your SSL SOAP Client with an Online Service

WSF/PHP Demo Site services can be accessed via https (Secured HTTP)  transport. For an example you can access the echo service via https from https://2ec2.wso2.org/samples/echo_service.php endpoint. This can be used to identify whether you WSF/PHP instance is built with SSL … Continue reading

Posted in security, Tutorial/Guide, web services, wsf/php, wso2 | Tagged , , , , , | 4 Comments

Http Authentication for SOAP Messages in PHP – 2 Minutes Introduction

Yesterday’s blog on “Using Username token in Authentication” I explained a standard way of authenting SOAP messages in Application layer (Message level Authentication). Anyway you can authenticate SOAP messages in transport level itself. For an example with HTTP Transport we … Continue reading

Posted in 2 minutes guide, security, Tutorial/Guide, web services, wsf/php, wso2 | Tagged , , , , , , | 1 Comment

Authenticate using Username Token from PHP – 2 Minutes Introduction

Username token is a simple token sent inside SOAP message header element with username and password information.  It is used to authenticate SOAP messages in a standardized way. Sending Username Token To send username token with WSF/PHP you can use … Continue reading

Posted in 2 minutes guide, security, Tutorial/Guide, web services, wsf/php, wso2 | Tagged , , , , | 3 Comments