Hidden WCF endpoints

Posted by Matt on Stack Overflow See other posts from Stack Overflow or by Matt
Published on 2010-03-17T03:46:30Z Indexed on 2010/03/17 3:51 UTC
Read the original article Hit count: 363

Filed under:

wcf

|

security

For the sake of arguement, lets say that I've got a basicHttp WCF service. Besides implementing authentication (login/logout methods), what is stopping someone from just cracking open Visual Studio, adding a web reference to my website's service, and then playing playing around with my service? I'm not familiar with a method of stopping someone from doing this. The idea of someone downloading all of my Data/Operation contracts and then start playing around is keeping me up at night, and I like my sleep!

© Stack Overflow or respective owner

Related posts about wcf

Calling a WCF service from another WCF service

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi ! I have a WCF service hosted on a windows service on my Server1. It also has IIS on this machine. I call the service from a web app and it works fine. But within this service, I have to call another WCF sevice (also hosted on a windows service) located on Server2. The security credentials are… >>> More
wcf + Byte array through wcf service using MTOM

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, How to pass Byte array through wcf service using MTOM..please give me any sample >>> More
WCF 4.0 new enhancements over WCF 3.5

as seen on Stack Overflow - Search for 'Stack Overflow'
What are the new enhancements in WCF 4.0 and how easy would it be to upgrade existing WCF services to 4.0? >>> More
Reuse classes and objects for both WCF and non-WCF

as seen on Stack Overflow - Search for 'Stack Overflow'
I have several classes such as Order, Customer, etc. These classes serve for holding data and nothing more. I want to be able to reuse these classes in other projects in the future, but for some reason I don't quite understand, WCF forces me to decorate the data members with the [DataMember] attribute… >>> More
Summarizing client side asynchronous invocations in WCF/WCF Silverlight

as seen on Code Project - Search for 'Code Project'
Summarizing client side asynchronous invocations in WCF/WCF Silverlight. Introducing ServiceClient class. >>> More

Related posts about security

sudo apt-get update errors

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security… >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Devx - Search for 'Devx'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Internet.com - Search for 'Internet.com'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
StackOverFlowError while creating Mac object on AS400/Java

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I am a newbie to AS400-Java programming. I am trying to create my first program to test the implementation of Message Authentication Code (MAC). I am trying to use the HMACSHA1 hash function. My (Java 1.4) program runs fine on a dev box (V5R4).But fails terribly on the QA box (V5R3). My… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More