Print Page | Close Window

HTTP API Security

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=30543
Printed Date: 30 March 2026 at 10:07pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com


Topic: HTTP API Security
Posted By: DanP
Subject: HTTP API Security
Date Posted: 12 November 2012 at 1:57pm
Hi, I'm after a bit of basic information around the HTTP API, more to the point around security around it.   What does it have in terms of security?   Is there anything in it to stop a Brute Force, Dictionary or DDOS attack?   I'm concerned that given enough time and basic scripting someone could obtain the master Admin password and then access to everything within a forum.   Is there something I've missed in the documentation for this API?

Cheers,

Dan


Replies:
Posted By: WebWiz-Bruce
Date Posted: 12 November 2012 at 2:08pm
The HTTP XML API requires that you pass across the admin username and password in order for the API to validate and run the API call.

If you are worried about security you could install an SSL certificate on your website and then use HTTPS to access the API.

If you are also concerned about Brute Force, Dictionary or DDOS attack then you could look at installing Microsoft's IIS Dynamic IP Restrictions that can block these types of attacks.

Attempting to prevent DDoS attacks at application level within Web Wiz Forums would be pointless as any calls to the application require database hits and so you would not be able to sufficiently stop DDoS at this level. It would be much better using Microsoft's IIS Dynamic IP Restrictions or better still using a hardware firewall, or some Switches from companies like Cisco also have this ability built in.


-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: DanP
Date Posted: 12 November 2012 at 2:52pm

Hi Bruce, thanks for the quick reply.   I'm happy with the concept that the calls are all encrypted by SSL, it was the repeat attack I was more concerned with.   As you say that can (and probably should) be catered for at hardware or OS level.   Thanks for confirming.

 
Dan


Print Page | Close Window

Forum Software by Web Wiz Forums® version 12.08 - https://www.webwizforums.com
Copyright ©2001-2026 Web Wiz Ltd. - https://www.webwiz.net