Security recommendation: Disabling the HTTP GET and HTTP POST protocols for XML Web services that are in use
Microsoft Corporation
February 2002
Summary: For security reasons, Web service operators may need to disable the HTTP GET and HTTP POST messaging protocols for XML Web services. Disabling these protocols helps prevent external Web sites from maliciously communicating with XML Web services on your intranet.
Contents:
Introduction
Disabling the HTTP GET and HTTP POST protocols for ASP.NET XML Web services
Impact of disabling HTTP GET and/or HTTP POST
Summary

Introduction
Because of the way the HTTP GET and HTTP POST messaging protocols work, under certain conditions a malicious Web page can invoke an XML Web service that runs behind a firewall, using parameters that the page defines. This is similar to some malicious redirection issues based on HTTP GET. This type of security issue can occur if the XML Web service supports the HTTP GET or HTTP POST messaging protocols (which are enabled by default for XML Web services created using ASP.NET).
Although it is not easy to create a malicious Web page with HTTP POST, if an XML Web service created with ASP.NET does not use the HTTP GET and HTTP POST messaging protocols, support for both protocols should still be disabled on the production computer.
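The following check is an added example, not part of the original article: it merges ASP.NET configuration layers in inheritance order and reports whether HttpGet or HttpPost is still enabled for XML Web services. The `<protocols>` element under `<system.web>/<webServices>` with its `<add>`, `<remove>` and `<clear>` children is the ASP.NET setting that controls these protocols; the sample configuration contents and the function names are constructed for illustration.

```python
# Added example: compute which Web service protocols remain enabled after
# ASP.NET merges configuration files (machine.config first, then web.config).
import xml.etree.ElementTree as ET

RISKY = {"HttpGet", "HttpPost"}

# Constructed sample: machine-level defaults as the article describes them
# (HTTP GET and HTTP POST enabled by default).
MACHINE_CONFIG = """<configuration><system.web><webServices><protocols>
  <add name="HttpSoap"/><add name="HttpPost"/><add name="HttpGet"/>
  <add name="Documentation"/>
</protocols></webServices></system.web></configuration>"""

# Constructed sample: application web.config that removes both protocols.
HARDENED_WEB_CONFIG = """<configuration><system.web><webServices><protocols>
  <remove name="HttpPost"/><remove name="HttpGet"/>
</protocols></webServices></system.web></configuration>"""


def effective_protocols(config_layers):
    """Apply <add>/<remove>/<clear> in order across inherited config files."""
    enabled = set()
    for xml_text in config_layers:
        root = ET.fromstring(xml_text)
        for protocols in root.iterfind("system.web/webServices/protocols"):
            for child in protocols:
                name = child.get("name")
                if child.tag == "clear":
                    enabled.clear()          # drops everything inherited so far
                elif child.tag == "add" and name:
                    enabled.add(name)
                elif child.tag == "remove" and name:
                    enabled.discard(name)
    return enabled


def exposed_protocols(config_layers):
    """Return the risky protocols still enabled, sorted for stable output."""
    return sorted(RISKY & effective_protocols(config_layers))


if __name__ == "__main__":
    print("defaults only:  ", exposed_protocols([MACHINE_CONFIG]))
    print("with web.config:", exposed_protocols([MACHINE_CONFIG, HARDENED_WEB_CONFIG]))
```

An empty result for the merged layers means neither protocol is accepted by the service; SOAP over HTTP stays available because the hardened sample leaves `HttpSoap` in place.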
Figure 1: Common malicious communication event

Step  Description
1     HTTP clients (such as Microsoft® Internet Explorer) behind the firewall browse a malicious Web page that contains links.