NetTalk Central

Author Topic: Web Services - Clarification Questions  (Read 3261 times)

David

  • Full Member
  • ***
  • Posts: 127
    • View Profile
Web Services - Clarification Questions
« on: March 17, 2014, 05:53:46 PM »
Bruce,

I think the web services templates are an awesome addition to NT.  Couple of questions regarding the new Web Services templates....

1. In the NT8 kickoff webinar, you stated that the client side of web services was coming.  Are you shooting for sometime 2nd quarter, next 3 months, or sometime this year?  Just wondering for planning purposes.

2. There are no security settings on either the NetWebService or NetWebServiceMethod.  Are you planning on adding security settings similar to the other NetWeb templates such as "User Must Be Logged In" and "Only Serve IF".  This would mean that the client side would have to have an option to maintain and pass the session key.  I'm looking at the client logging in once and then having the session follow that user for additional connections just like the NetWebPage, NetWebBrowse, and NetWebForm.

3. Down the road could you look to add an option to compress the data assuming that it is going between 2 Clarion applications using the Web Service templates.  This would be useful for a client retrieving large lists of information.  And an option for encrypting the data using Cryptonite would be really interesting.

4. In the webinar you said that putting the Methods under the NetWebServices was somewhat arbitrary.... In your webinar demo you had 2 different NetWebServices with several Methods under each one.  Using the NT Wizard to create a new app and including NetWebServices, each Method was paired with it's own NetWebService.  I understand the purpose of the NetWebMethod's, but what is the purpose of the NetWebService?  Why would I create more than one, why do I need it at all?

Thank you,
David

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11250
    • View Profile
Re: Web Services - Clarification Questions
« Reply #1 on: March 18, 2014, 05:19:36 AM »
Hi David,

1. Sooner rather than later. Obviously it becomes a lot easier to test with both sides working. I don't know the exact timing, but it's probably top of my list (after bugs) right now.

2. yes, a security layer to follow. This is obviously a necessity.

3. The data will already be (automatically) compressed if the client side passes in the header;
Accept-Encoding: gzip, deflate
In terms of encryption, the best approach is to use SSL to encrypt the connection.

4a. >> Why would I create more than one
It's completely arbitrary. Usually you can "group" methods together where they are related in some way - say for example you might group customer related tables together into one service, and product related tables into another service, and so on.

4b. >> why do I need it at all?
The WSDL file is generated by this "service" procedure, and also the "front page" of the auto-docs are generated by this procedure.

If your client is making SOAP requests then the requests flow through this procedure (because the xml or SOAPAction has to be parsed to determine the method to call).

but, you don't _have_ to have it. If you have a lonely method all by itself, it can still be called directly using the GET or POST approach.

Cheers
Bruce

David

  • Full Member
  • ***
  • Posts: 127
    • View Profile
Re: Web Services - Clarification Questions
« Reply #2 on: March 18, 2014, 06:07:12 AM »
Thank you for the reply Bruce.

When your adding the security layer could you please include security for the WSDL and auto-docs.  If I'm using the WebServices between 2 of my Clarion apps, I would want many of the Methods "private" and wouldn't want to leak information on them by way of WSDL and docs.

On the encryption point, SSL is susceptible to Man-In-The-Middle attacks.  The ability to encrypt the data using an encryption method outside of SSL would add an additional layer of security.  However, I understand your point about using SSL to encrypt the connection and this would work for most scenarios.

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11250
    • View Profile
Re: Web Services - Clarification Questions
« Reply #3 on: March 18, 2014, 06:13:10 AM »
Hi David,

>> When your adding the security layer could you please include security for the WSDL and auto-docs.  If I'm using the WebServices between 2 of my Clarion apps, I would want many of the Methods "private" and wouldn't want to leak information on them by way of WSDL and docs.

good idea.

>> On the encryption point, SSL is susceptible to Man-In-The-Middle attacks.

weeelll - yes, I suppose in theory. If the client is testing the validity of the certificate, then it's not all that easy to do a MITM with SSL. Bear in mind that SSL is the encryption layer of the whole internet - if it's broken then Banks, Amazon, eBay etc would all be in big trouble. Yes there have been documented cases of certificates being erroneously issued - but it's a fairly small attack vector.

>> The ability to encrypt the data using an encryption method outside of SSL would add an additional layer of security.

certainly it's do-able. and ti wouldn't be a bad thing. As long as you were still doing everything over an SSL connection.

Cheers
Bruce