Zend_Soap_Server or Zend_XmlRpc_Server
https://stackoverflow.com//questions/25036864
-
21-12-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I need to implement webservice for a mobile application. I am using Zend Framework. I know we have Zend_Soap_Server and Zend_XmlRpc_Server. Which should I prefer. Client is concern about security. After reading here I think it is SOAP. But when to use Zend_XmlRpc.
Solution
IMO you should consider providing a simple REST API, as it is much simpler than SOAP, which is generally preferred over XML-RPC. You can build RESTful controllers fairly easily within Zend Framework.
Neither Zend_Soap_Server or Zend_SmlRpc_Server will address your security concerns. All three options (those two as well as the REST approach) are only concerned with the structure of the data being passed between the client and the server.
Security is mainly related to the following two concerns:
Authentication - you will need to implement some way of knowing that when a client connects to the server, they are a legitimate client and not some imposter/hacker. This can be done with HTTP authentication, inclusion of a token in the protocol,
OAUTHor some other means.Transport security - That is, stopping people from sniffing the traffic between the client and the server. Exposing the Web Service via SSL addresses this concern.
There may be other security concerns specific to the application protocol, DOS attacks, etc, but the two listed above are the common ones that most people would address first.
