Viewing Category: Web Services  [clear category selection]

SOAP Authentication

While doing development on a web services project, I needed a utility for making client requests quickly to verify the WSDL being produced. Using SOAP Client I can plug in a URL, have it parse the WSDL, and expose the methods for direct calls. Another cool thing is the option to add arbitrary HTTP headers to the request. One of the headers I added was for HTTP basic authentication. It's quite easy to construct the Authorization header value using this pseudo-code "Basic" + base64(username + ":" + password). The SOAP Client utility is a simple, open source Mac OS X native application. I have used the oXygen WSDL tool in the past, but it's just too cumbersome.

On a somewhat related topic, I created a hash utility that performs three types of message digest algorithms in JavaScript. I use it to quickly verify the hash of password, which is all that exists in the database. Of course, if an unknown salt has been added to the comparison, this is useless. However, pre-computed hash databases for common alpha-numeric strings exist for cracking. There are 74.7 million of them in a database at hashcrack.com. I was thinking about how much storage space it would take to hold all the possible 160-bit results from SHA1. Turns out, it's a lot, but it doesn't much matter because there's no way to work backwards.