



Message Interceptor Gateway


Classification Key: Perimeter Security, Tampering

Problem

XML-based attacks from unauthorized external entities have to be prevented by data sanitization at the application layer. Such XML message-based attacks include buffer overflows, malicious data injection, and virus attachments. XML traffic also has to be monitored and logged, and audit trails have to be recorded. To do that, XML traffic has to be intercepted, examined, and transformed as the security policies require. The content-level processing operations include authentication, authorization, auditing, encryption/decryption, signature validation, compression/decompression, and transformation, routing and management functions. How can all these operations be performed on XML at the entry point?

Solution

Use a proxy infrastructure providing a centralized entry point that encapsulates access to all target service endpoints of a Web services provider. It acts as a controller that aggregates access and enforces security mechanisms on the XML traffic by making use of identity and access management infrastructure. Secure incoming and outgoing XML traffic by securing the communication channels between the service endpoints.
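
The centralized entry point described above, as an added sketch that is not code from this catalog or from the source book. It covers four of the listed operations (sanitization, authorization, auditing, routing). The operation names, routing table, access policy and size limit are hypothetical, and the caller identity is assumed to have been authenticated already on the transport.

```python
import hashlib
import xml.etree.ElementTree as ET

MAX_BYTES = 64 * 1024                        # assumed size limit
ENDPOINTS = {"getQuote": "quote-service",    # hypothetical routing table
             "placeOrder": "order-service"}
ACL = {"alice": {"getQuote", "placeOrder"},  # hypothetical access policy
       "bob": {"getQuote"}}
AUDIT = []                                   # stand-in for an append-only audit log


class Rejected(Exception):
    """Raised by any interceptor stage to stop the message at the gateway."""


def sanitize(raw: bytes) -> ET.Element:
    # Bound the size first, then refuse DTDs and entity declarations before parsing.
    if len(raw) > MAX_BYTES:
        raise Rejected("oversized message")
    try:
        text = raw.decode("utf-8")   # accept one encoding only, so the check sees the real text
        if "<!DOCTYPE" in text or "<!ENTITY" in text:
            raise Rejected("DTD or entity declaration not allowed")
        return ET.fromstring(text)
    except (UnicodeDecodeError, ET.ParseError):
        raise Rejected("malformed or non-UTF-8 XML") from None


def authorize(caller: str, doc: ET.Element) -> str:
    # The requested operation is read from a direct <operation> child of the root.
    op = doc.findtext("operation", default="")
    if op not in ENDPOINTS:
        raise Rejected("unknown operation")
    if op not in ACL.get(caller, set()):
        raise Rejected("caller not authorized for " + op)
    return op


def gateway(caller: str, raw: bytes) -> str:
    """Single entry point: sanitize, authorize, audit, then route."""
    digest = hashlib.sha256(raw).hexdigest()[:16]   # ties the audit record to the exact bytes
    try:
        op = authorize(caller, sanitize(raw))
    except Rejected as why:
        AUDIT.append((caller, digest, "DENY", str(why)))
        raise
    AUDIT.append((caller, digest, "ALLOW", op))
    return ENDPOINTS[op]   # name of the backend the message would be forwarded to
```

Every message, accepted or rejected, leaves an audit record before anything reaches a service endpoint, and the endpoints themselves are reachable only through the routing table.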

Known Uses

Application-level XML validation of data in an HTTP/SSL connection.

Related Patterns

Secure Message Router, Single Access Point

Source

Sun Book

Tags

XML, Application Layer, Interceptor


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz