c# - prevent cross domain requests to my wcf services -


i use wcf ui services communicate between javacsript (jquery) , server side code. find work effectively.

however want make more secure. can set wcf requests services can made within same domain, prevent external clients making such requests services.

so example, service opertion url http://www.website.com/service.svc/getproducts. want set wcf requests pages in http://www.website.com allowed. presume in realm of cross domain wcf requests need assistance in setting up. great.

this isn't possible if services exposed web.

if services isn't secure enough that, should fixing problem - not trying prevent people making requests.

anyone can use debugging proxy fiddler, charles, etc. or tool wireshark send any data want services - including complete replay of request made via browser. (including referrer http headers, etc).

if situation allows it, perhaps might consider using vpn appliance or similar, , restrict access users inside network (or coming in through vpn). way there less concern security of services.... however it's known fact "internal attackers" prevalent, if not more so, external ones... don't comfy.

let me head argument off @ pass too, while i'm @ it; might suggest browsers prevent cross site scripting that. yes, that's true. developer of other application adding client side script call services - , he/she make request on server side , proxy results along client.


Comments

Post a Comment

Popular posts from this blog

c# - SharpSVN - How to get the previous revision? -

i trying find efficient way previous revision of file text comparison using sharpsvn. using (svnclient c = new svnclient()) { c.authentication.defaultcredentials = new networkcredential( configurationmanager.appsettings.get("svnserviceusername") , configurationmanager.appsettings.get("svnservicepassword") , configurationmanager.appsettings.get("svnservicedomain") ); c.authentication.sslservertrusthandlers += new eventhandler<svnsslservertrusteventargs>(authentication_sslservertrusthandlers); collection<svnfileversioneventargs> fileversioncollection = new collection<svnfileversioneventargs>(); svnrevisionrange range = new svnrevisionrange(0, this.hooks.revision); svnfileversionsargs args = new svnfileversionsargs(); args.retrieveproperties = true; args.range = range; foreach (svnchangeitem item in log.changedpaths) { string path = this.repositorypath + it...
Read more

c++ - Is it possible to compile a VST on linux? -

for class project i'm attempting write vst plugin backed cuda. current cuda workflow on linux box, i'd prefer compile , link there. according wikipedia , should possible (i couldn't find steinberg documentation relevant linux) can't find makefile or instructions on how build if aren't using xcode or visual studio. i'm vst 3 sdk doesn't support linux. when try compile plugin under linux, error: ./base/source/fatomic.cpp:39:30: fatal error: libkern/osatomic.h: no such file or directory this issue caused following code in "vst3 sdk/base/source/fatomic.cpp" #if mac #include <libkern/osatomic.h> #if mac_os_x_version_min_required > mac_os_x_version_10_4 #define native_atomic_type (volatile int32_t*) #else #define native_atomic_type (int32_t*) #endif #elif windows #include <windows.h> #endif but hope compiling under linux work vst sdk 2.4. reading. jvstwrapper seems run on lin...
Read more

url - Querystring manipulation of email Address in PHP -

i using third party application (email2http) send me emailid, body , message. unable retrieve email id due name appended on , enclosed < , >. here querystring getting. test.php?from=ajay+reddy &subject=cx&body=somebody when print variable in php returns name , not email id. $from = $_get['from']; echo $from; //output ajay reddy please suggest me how can emailid also. i dont want use post method due testing , debugging. it's working fine. forgot use htmlentities() in debugging.
Read more