Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I work with a group that is very adamant on keeping the wsdl and xsd that are associated with our web services as private as possible, and only distributing them to customers on a need to know basis.
My question is this… Is this overkill? I realize that adds anyone layer of obscurity to any potential attacks, but is this really doing much more than adding a layer of security via a super secret parameter set? Or are there other reasons I am missing?
If you want to make it harder for people to use your web services, then you should definitely not provide or host your WSDL and XSD files, or provide any sort of documentation. Beyond that, you’re not securing your web services very much.
For your regular customers, this should be fine, but the determined individual will find a way to access your web services. All you can do is make it as hard as possible for them to do so, and that’s by using security best-practices.