No replies to this topic

[BlackRook]

Hello everyone,

I have a question about ASMX services. I current have a client that I am doing work for and they have SQL Server 2008 running on a server which they have a Windows application running to access the database. They want me to use their web service to create a PHP interface for their users to look up billing history and previous calls, etc.

I can work my way through it as I have used PHP for 4 years or so now. But I am not a security expert by any means - however I do know that without any work besides using the WSDL file I was given, I can do a var_dump and everything. Should there not be some means of authentication in this or is this all taken care of by the WSDL file? I imagine this would be a huge security risk because anyone could access this networked resource.

Regards,
Matthew