Our company website is made up of several .NET projects all on the same server in addition to the big main site in ColdFusion. To reduce code duplication we wrote a webservice that these projects can call for basic functions. For example, we have a service where you give it a user ID and you get back some information about the user (no passwords, but things like an address). What I am concerned about is someone poking their electronic nose in and catching some information we don’t want them to have. Is this a valid concern or will the information from the webservice stay internal since it and the projects calling it are on the same server?
So our webservices are all like http://www.companyname.com/webservices/webserviceuser.asmx and the .NET web projects are all like http://www.companyname.com/admin/project1/ or http://www.companyname.com/edituser/. Since they all share the same domain name, will the information get out to the general internet?
Also is it possible to add security to the webservice to confirm that the caller is an internal application (even if it’s just testing the URL of the page calling it)?
Thank you in advance.
It looks like the domain name http://www.companyname.com does not actually belong to your server but belongs to a load balancer, firewall or proxy of some sort. The network call will go from your server to the box that owns the name and then back again. You can trick your server into believing that it actually owns the domain name by modifying the hosts file, but that may break other things.
If the box that owns the domain name and your server are on the same network, then the call will not leave that network. It will not “get out to the general internet” unless it has to. It is possible to set up a routing table on your server that sends network packets via a proxy server somewhere else before they reach http://www.companyname, but this is not likely unless your network topology is quite special.
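On the question of confirming that a caller is one of the internal applications: the URL of the calling page reaches the service only as a header the client supplies, so one alternative is for each internal project to sign its request with a key shared with the webservice. The following is an added example, not code from this thread; the class name, the payload layout (timestamp, newline, user ID), the five-minute window and the demo key are all assumptions.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Added example: HMAC-signed calls between the internal projects and the webservice.
static class InternalCallAuth
{
    const long MaxSkewSeconds = 300; // assumed freshness window

    static byte[] Mac(byte[] key, long unixTime, string userId)
    {
        string payload = unixTime.ToString(CultureInfo.InvariantCulture) + "\n" + userId;
        using (var hmac = new HMACSHA256(key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    // Caller side: the result travels with the request, for example in a header.
    public static string Sign(byte[] key, long unixTime, string userId)
    {
        return Convert.ToBase64String(Mac(key, unixTime, userId));
    }

    // Service side: reject stale requests, then compare MACs without an early exit.
    public static bool Verify(byte[] key, long unixTime, string userId, string signature, long nowUnix)
    {
        long delta = nowUnix - unixTime;
        if (delta > MaxSkewSeconds || delta < -MaxSkewSeconds) return false;
        byte[] supplied;
        try { supplied = Convert.FromBase64String(signature ?? ""); }
        catch (FormatException) { return false; }
        byte[] expected = Mac(key, unixTime, userId);
        if (supplied.Length != expected.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ supplied[i];
        return diff == 0;
    }

    static void Main()
    {
        // Constructed key for the demo; a real key belongs in protected server-side configuration.
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key-not-for-production");
        long now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        string sig = Sign(key, now, "1042"); // constructed user ID
        Console.WriteLine("valid request:   " + Verify(key, now, "1042", sig, now));
        Console.WriteLine("changed user ID: " + Verify(key, now, "1043", sig, now));
        Console.WriteLine("replayed later:  " + Verify(key, now, "1042", sig, now + 3600));
        Console.WriteLine("wrong key:       " + Verify(Encoding.UTF8.GetBytes("other"), now, "1042", sig, now));
    }
}
```

The signature only authenticates the caller; it does not hide the user data in transit, so the response still needs transport encryption if the path leaves the server.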