Validating a form with PHP

Transport confidentiality protects against eavesdropping and man-in-the-middle attacks against web service communications to/from the server.

Rule - All communication with and between web services containing sensitive features, an authenticated session, or transfer of sensitive data must be encrypted using well-configured TLS.

Rule - Web services must validate SOAP payloads against their associated XML schema definition (XSD).

Rule - The XSD defined for a SOAP web service should, at a minimum, define the maximum length and character set of every parameter allowed to pass into and out of the web service.

Web services need to authorize web service clients the same way web applications authorize users. A web service needs to make sure a web service client is authorized to: perform a certain action (coarse-grained); on the requested data (fine-grained).

Rule - Enforce the same encoding style between the client and the server.

Integrity of data in transit can easily be provided by TLS. When using public key cryptography, encryption does guarantee confidentiality but it does not guarantee integrity since the receiver's public key is public. For the same reason, encryption does not ensure the identity of the sender.

Ideally, any administrative capabilities would be in an application that is completely separate from the web services being managed by these capabilities, thus completely separating normal users from these sensitive functions.

Schema validation enforces constraints and syntax defined by the schema.
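The two XSD rules above, shown as an added PHP example that is not part of the original page: the SOAP Body payload is validated against a schema that fixes a maximum length and character set for every parameter. The schema, the `urn:example:transfer` namespace, the element names and the `validateSoapPayload()` helper are assumptions made for this example; it requires PHP 8 with the DOM extension.

```php
<?php
// Constructed schema: each parameter gets an explicit maximum length and character set.
const TRANSFER_XSD = <<<'XSD'
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:example:transfer"
           xmlns:t="urn:example:transfer" elementFormDefault="qualified">
  <xs:simpleType name="AccountId">
    <xs:restriction base="xs:string"><xs:maxLength value="12"/><xs:pattern value="[A-Z0-9]+"/></xs:restriction>
  </xs:simpleType>
  <xs:simpleType name="Memo">
    <xs:restriction base="xs:string"><xs:maxLength value="40"/><xs:pattern value="[A-Za-z0-9 .,]*"/></xs:restriction>
  </xs:simpleType>
  <xs:element name="TransferRequest">
    <xs:complexType><xs:sequence>
      <xs:element name="account" type="t:AccountId"/>
      <xs:element name="memo" type="t:Memo"/>
    </xs:sequence></xs:complexType>
  </xs:element>
</xs:schema>
XSD;
const SOAP_NS = 'http://schemas.xmlsoap.org/soap/envelope/';

/** Hypothetical helper: returns schema violations; an empty list means the payload is valid. */
function validateSoapPayload(string $soapXml, string $xsd): array
{
    $previous = libxml_use_internal_errors(true); // collect errors instead of emitting warnings
    libxml_clear_errors();
    $envelope = new DOMDocument();
    $payload = $envelope->loadXML($soapXml, LIBXML_NONET) // no network access while parsing
        ? $envelope->getElementsByTagNameNS(SOAP_NS, 'Body')->item(0)?->firstElementChild
        : null;
    if ($payload === null) {
        $errors = ['no parsable SOAP Body payload'];
    } else {
        $doc = new DOMDocument(); // validate the payload on its own, outside the envelope
        $doc->appendChild($doc->importNode($payload, true));
        $errors = $doc->schemaValidateSource($xsd) ? []
            : array_map(fn (LibXMLError $e) => trim($e->message), libxml_get_errors());
    }
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $errors;
}

// Constructed requests: the second memo is longer than 40 characters and outside the character set.
$envelope = fn (string $memo) => '<soap:Envelope xmlns:soap="' . SOAP_NS . '"><soap:Body>'
    . '<t:TransferRequest xmlns:t="urn:example:transfer"><t:account>ACC0012345</t:account>'
    . "<t:memo>$memo</t:memo></t:TransferRequest></soap:Body></soap:Envelope>";
foreach (['rent for March', str_repeat('A', 41) . ' &lt;script&gt;'] as $memo) {
    $errors = validateSoapPayload($envelope($memo), TRANSFER_XSD);
    echo $errors ? 'REJECTED: ' . implode(' | ', $errors) . "\n" : "accepted\n";
}
```

Rejecting the request on any returned error, before the values reach application code, is what makes the schema's length and character-set limits an enforcement point rather than documentation.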
