1

We have a web service that currently runs only internally within a network and there is no access outside the network. This web service is written in Java and runs through a Jetty servlet engine. It is a bare bones web service and there is little to no security built into it. It does minor amounts of data validation to prevent denial of service attacks, and it uses BasicAuth. There is no encryption/decryption and there is no SSL going on here.

I'm looking for secure ways to expose this not-so-secure web service to the public internet for clients to connect to it via a website form requests.

Right now I'm investigating using a reverse proxy in Microsoft Windows IIS to do this, but I'm not sure this will add any security.

How do people normally expose a web service to the public internet in a secure way?

Brian T Hannan
  • 111
  • 1
  • What do you mean by "in a secure way"? – Michael Hampton Oct 27 '16 at 03:42
  • This definition of secure: "safe from penetration or interception by unauthorized persons" probably covers what I'm looking to accomplish. – Brian T Hannan Oct 27 '16 at 14:12
  • Also, I'm looking to prevent denial of service attacks but I think good data validation can help with that by determining bad requests and bad data as early on in the process as possible for receiving new requests. – Brian T Hannan Oct 27 '16 at 14:13

0 Answers0