Board index » delphi » Hide WSDL document in SOAP app

Hide WSDL document in SOAP app

I am considering SOAP for a "private" web application: a SOAP
server/client pair to be used over the web, but the server should only
be accessible to the original client and not to just anybody finding it
out there...

I figured that if people wouldn't be able to get the WSDL document from
the SOAP server, they (at least) wouldn't be able to figure out how to
"drive" it.

Delphi 6's Web Services App's take care of publishing the WSDL document
for you from a SOAP server. Is it possible to turn this off?

Thanks
Marjan
_________________________
Marjan Venema - BJM Software
i...@bjmsoftware.com
http://www.bjmsoftware.com

 

Re:Hide WSDL document in SOAP app


Quote
"Marjan Venema" wrote:
> Delphi 6's Web Services App's take care of publishing the WSDL document
> for you from a SOAP server. Is it possible to turn this off?

Presumably by removing the WSDLPublish component.

I dont have D6 Ent with me right now, so I cant tell whether this would
break anything <g>

--
Dave Nottage

Re:Hide WSDL document in SOAP app


Quote
> Presumably by removing the WSDLPublish component.

> I dont have D6 Ent with me right now, so I cant tell whether this would
> break anything <g>

Thanks. With hindsight that was blindingly obvious of course <bg>.

I tried it and asking for the wsdl document now produces a CGI error.
Asking for wsdl/IWhatever produces a "the XML document could not be
produced". The rest (executing invoked methods) still works, so that's
certainly an option.

I also tried just renaming the PathInfo in the TWebDispatch of the
WSDLHTMLPublish component from wsdl* to wsdlmarjan*. The idea being that it
might be less secure, but it would still be possible to give specific
people/parties access to the wsdl document without having to send it round
myself all the time.

The results were interesting: I couldn't get the wsdl document using the
../wsdl/IShakespeare path. Which is what I wanted. However using
../wsdlmarjan/IShakespeare unexpectedly also did not produce a wsdl
document. Quick scan through the source showed that the TWSDLHTMLPublish
component actually has 'wsdl' and 'admin' hardcoded in several places of
its DispatchRequest method... No virtual methods to override, so I guess
that if you want to do it this way, it is a matter of "rolling your own"
TWSDLHTMLPublish component.

Marjan
_________________________
Marjan Venema - BJM Software
i...@bjmsoftware.com
http://www.bjmsoftware.com

Re:Hide WSDL document in SOAP app


You could also use authentication to secure the url...

Jeff

Quote
"Marjan Venema" <info@NO_SPAM.bjmsoftware.com> wrote in message

news:VA.00000026.0061115a@no...
Quote
> > Presumably by removing the WSDLPublish component.

> > I dont have D6 Ent with me right now, so I cant tell whether this would
> > break anything <g>

> Thanks. With hindsight that was blindingly obvious of course <bg>.

> I tried it and asking for the wsdl document now produces a CGI error.
> Asking for wsdl/IWhatever produces a "the XML document could not be
> produced". The rest (executing invoked methods) still works, so that's
> certainly an option.

> I also tried just renaming the PathInfo in the TWebDispatch of the
> WSDLHTMLPublish component from wsdl* to wsdlmarjan*. The idea being that
it
> might be less secure, but it would still be possible to give specific
> people/parties access to the wsdl document without having to send it round
> myself all the time.

> The results were interesting: I couldn't get the wsdl document using the
> ../wsdl/IShakespeare path. Which is what I wanted. However using
> ../wsdlmarjan/IShakespeare unexpectedly also did not produce a wsdl
> document. Quick scan through the source showed that the TWSDLHTMLPublish
> component actually has 'wsdl' and 'admin' hardcoded in several places of
> its DispatchRequest method... No virtual methods to override, so I guess
> that if you want to do it this way, it is a matter of "rolling your own"
> TWSDLHTMLPublish component.

> Marjan
> _________________________
> Marjan Venema - BJM Software
> i...@bjmsoftware.com
> http://www.bjmsoftware.com

Re:Hide WSDL document in SOAP app


Quote
> You could also use authentication to secure the url...

Now, there's a thought...

Thanks
Marjan
_________________________
Marjan Venema - BJM Software
i...@bjmsoftware.com
http://www.bjmsoftware.com

Other Threads