MySQL injection attacks

Since finishing my dissertation on methods and tools for testing SOAP-based web services, I have been giving a lot of thought to SQL injection attacks; coming from a web application development background, that is one of my pet peeves.

I have often used a recycled function to sanitise user input before any database interaction is opened, and this has served me really well. It only recently dawned on me, however, when it is actually advisable to use these sanitisation methods. For example, when you register a user you obviously need to sanitise the inputs that will be stored in the database as plain text, such as user names, email addresses and the like (unless you're uber paranoid and decide to [reversibly] encrypt every entry in the database, in which case you should not even be reading this post).

For simpletons like me, however, I have realised that it is not necessary to sanitise passwords against SQL injection, because I NEVER store passwords in plain text anyway. The need is removed because once the salted hash has been produced (regardless of the algorithm: SHAx, MDx, Blowfish, etc.) the stored text bears no resemblance to the plain text, so it would be a waste of time to sanitise it.

Kudos to those who had already come to this realisation. It took me a while but I finally got there.
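
As an added example (not code from the original post), here is the registration flow described above with parameterised queries and a salted PBKDF2 hash, in Python against an in-memory SQLite database standing in for MySQL; the table layout, function names, iteration count and sample inputs are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# SQLite stands in for MySQL here (assumption for the example). Its placeholder
# is "?" where MySQLdb/mysql-connector use "%s", but the principle is identical:
# the driver sends values separately from the statement, so user input is never
# spliced into the SQL text and needs no ad-hoc escaping.
def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT, "
        "salt BLOB, pw_hash BLOB)"
    )
    return conn

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is an illustrative choice.
    # The output is raw bytes, so whatever the password contained, the value
    # that reaches the database is opaque and bears no resemblance to it.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)

def register(conn, username: str, email: str, password: str) -> None:
    salt = os.urandom(16)  # fresh random salt per user
    conn.execute(
        "INSERT INTO users (username, email, salt, pw_hash) VALUES (?, ?, ?, ?)",
        (username, email, salt, hash_password(password, salt)),
    )
    conn.commit()

def verify_login(conn, username: str, password: str) -> bool:
    row = conn.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    # constant-time comparison avoids leaking how many bytes matched
    return hmac.compare_digest(stored, hash_password(password, salt))

def stored_username(conn, username: str):
    # Returns the username exactly as stored (or None if no such row).
    row = conn.execute(
        "SELECT username FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None

def user_count(conn) -> int:
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]
```

A username full of quote characters and SQL keywords is stored as a literal string and matches only itself, while the password never reaches the database as text at all.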

Dissertation and UK Snooker Championship

It has taken me a long time to get to this point: the point where I can actually take my eyes off my laptop screen and look at the TV for a few minutes. The Maplin UK Snooker Championship is on the BBC and it's really fun watching, even if it's only in the background.

I can afford to watch this because I am now cleaning up my references, appendices and little bits of formatting, preparing to send my first draft to my supervisor. My dissertation is on Methods and Tools for Testing SOAP-Based Web Services... yeah, a mouthful.

It is done though. I had a few misgivings about writing it all on my Ubuntu laptop, seeing as everyone uses Word and I was going to be using OpenOffice and then converting to a .doc file to email it out, but I think I was being silly. OpenOffice 3.0 has been up to the task and I'm really pleased to say my dissertation was done using 100% open source tools.

Dissertation Begins

Having spent several weeks trying to figure out a topic for my dissertation, I finally settled on "Methods and Tools for Testing Web Services". I actually began the writing today, so it's a good big step.

Although the work itself will belong to the University, with all rights reserved, I will be posting bits of the work I have done here, so this should be an informative area for service-oriented people, or those interested in Web Services, particularly the SOAP kind.