Rich Salz wrote:

>> So each message, no matter the size, should be parsed to determine
>> authorization, authentication and validity? As opposed to
>> stopping/redirecting a request based on the URL/request-credentials
>> before a parse happens?
>
> Should be? Even I'd be reluctant to use something other than "may."
> If your gateway facility is fast enough to handle the traffic, then you
> can get significant performance gains by offloading stuff like you
> mention from your application servers. A J2EE server is not usually the
> most performant place to do a WS-Security signature validation.
>
> There are security benefits, too. Put the router into your DMZ and you
> prevent bad messages from even getting onto your network. Pass all XML
> traffic through it and you have a guaranteed policy enforcement point.

OK, I can see what you are saying. Is there some facility to deny/turn-off processing for a type of DoS attack? Say something is sending you several complex, large messages - what happens to the gateway?

-Rob

> But definitely, not everyone needs or wants to do this. It's all about
> engineering trade-offs.
>
> /r$