The Design of Software (CLOSED)

A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.

The "Design of Software" discussion group has been merged with the main Joel on Software discussion group.

The archives will remain online indefinitely.

File transfer using web service

OK so I need some design guidance from the gurus who live at JoS...

I need to expose a web service to allow an external entity to upload (text) files.  I am planning on using .Net/Visual Studio 2003 and doing security via WSE 3.

I've played around with various web services tutorials and have been successful so far.  My main questions is if the best way to upload the file is for the application consuming my web service to pass the contents of the text file as a string?  Or is there a better way?  These files are potentially quite large.

My second question is does this post reveal any major flaws in my understanding?  I'm definitely new to web services.

Thanks.
chloraphil Send private email
Wednesday, January 11, 2006
 
 
Upload text files to where?

Any person can trap the text stream you are sending, by just using a protocol packet analyser.

So if you are so paranoid about security, choose a different model.

Maybe web-applications over https. Maybe not XML .Net webservices.
Vineet Reynolds Send private email
Wednesday, January 11, 2006
 
 
I have no idea about specifics of what you're doing using .NET, but one thing to be aware of is that you may want to avoid sending a file as a single transmission.  That is, you will probably want to "chunk" the file by sending it in pieces of much smaller size.  If you don't do this (at least in libraries I've worked with) there will be an in-memory buffer equal to size of file that affects scalability and makes it outright impossible to send files of greater size than available RAM.
Herbert Sitz Send private email
Wednesday, January 11, 2006
 
 
You will want to look at either DIME or MTOM  both are emerging web standards with MTOM being the newest are more robust.

These are the "standard" way to upload binary attachments out of band with webservices

Wednesday, January 11, 2006
 
 
yeah, i was running into problems with larger files in my test environment. 

I will definitely look into MTOM.  I googled it and found http://www.codeproject.com/soap/MTOMWebServices.asp in case anyone else is interested.

Thanks Herbert and "".

Vineet, I think WSE 3.0 will be good enough for security.  This is health information and therefore highly sensitive.  Any thoughts?
chloraphil Send private email
Wednesday, January 11, 2006
 
 
WSE 3.0 seems fine then. Make sure you understand the security model involved in Kerberos or X.509 certs, whichever  you are using.
Vineet Reynolds Send private email
Wednesday, January 11, 2006
 
 
If you must use a webservice, make it available via a VPN endpoint that the external party connects into to upload
... Send private email
Wednesday, January 11, 2006
 
 
Well, there is a HTTP method named "PUT" to upload content to an existing resource or "POST" to create a new one. No need for fancy services here...
icing Send private email
Thursday, January 12, 2006
 
 
PUT is outdated.
I'm yet to come across code that uses it.
Vineet Reynolds Send private email
Thursday, January 12, 2006
 
 
You can use plain web services and keep things secure by encrypting your files with symmetric cryptography functions(.NET 2.0 has a bunch of algorithms you can use) - this assumes the client and the server know the key. This way, your implementation is simple but secure too.
encrypt it!
Thursday, January 12, 2006
 
 
How big are the files? with web services you can send 4 MB by default and more if the server config is changed. It depends on how much control you have on either side.
encrypt it!
Thursday, January 12, 2006
 
 
MTOM is the "official" way of trasferring islands of non-object information on Web services. The .NET Framework 2.0 and WSE 3.0 provide a fairly robust implementation.

If you are only looking at file uploads, though, a web service may be overkill. A simple PUT/POST upload may be a better option. Unless the uploading of the file is part of a larger integrated process, I would recommend going with vanilla HTTP.

Mr. Reynolds, a few points for you. One, all web service traffic can easily be secured using https. They are no different from web applications in that regard. Two, PUT is anything but outdated. Many large production applications use it, Microsoft Exchange and Subversion  being two that I can immediately think of.
Raj Chaudhuri Send private email
Monday, January 16, 2006
 
 
AFAIK, WSE 3.0 will only work with .Net 2.0 which means Visual Studio 2005 for you.

Thursday, January 26, 2006
 
 

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
 
Powered by FogBugz