The protocols we’ve seen so far in this chapter form an important pillar in securing interactions between services. But good security extends not just to the network, but also to service implementations. To be dependable, a service must tolerate various abuses that it is likely to encounter on the Web and deal with those threats gracefully. In the following sections, we outline five important security themes for building dependable services that will survive production.
It can be hard to distinguish between a genuine consumer interaction and a malicious request. In the normal course of operations, customers submit many successful orders to Restbucks each second, most of which are innocuous.
A common attack vector is to overwhelm a service with many requests, thereby causing a denial of service. Such attacks are best prevented by operations specialists analyzing traffic at the network layer. We’re not going to focus any further on the network layer. In this section, we’ll cover only those attacks that specifically pertain to service implementations.
While the majority of well-formed requests will likely be legitimate coffee orders, it is possible to craft a perfectly valid order representation that is nonetheless capable of causing mischief. Imagine the problems caused if a malicious consumer crafted a very large representation, such as that in Example 9-58, and POSTed it to Restbucks.
Example 9-58. A large representation crafted ...
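The service-side counterpart to this scenario, as an added example that is not from the book and is not Example 9-58: a bounded read of the POSTed body that rejects an oversized order before any parsing happens. The 16 KB cap, the function names, and the simplified order XML are assumptions made for illustration.

```python
import io

MAX_ORDER_BYTES = 16 * 1024  # assumed cap for an order; not a figure from the text

# Constructed sample bodies (simplified order XML, not the book's schema).
SMALL_ORDER = b"<order><item><name>latte</name></item></order>"
LARGE_ORDER = b"<order>" + b"<item><name>latte</name></item>" * 100_000 + b"</order>"


class PayloadTooLarge(Exception):
    """Signals that the request should be answered with HTTP 413."""


def read_order_body(stream, content_length=None, limit=MAX_ORDER_BYTES):
    """Return the body bytes, never buffering more than limit + 1 bytes."""
    # Cheap early rejection when the client declares an oversized body.
    if content_length is not None and content_length > limit:
        raise PayloadTooLarge(f"declared {content_length} bytes, limit {limit}")
    # The header can be absent (chunked) or understated, so bound the read itself.
    body = bytearray()
    while len(body) <= limit:
        chunk = stream.read(min(4096, limit + 1 - len(body)))
        if not chunk:
            return bytes(body)
        body.extend(chunk)
    raise PayloadTooLarge(f"body exceeds {limit} bytes")


def handle_order_post(stream, content_length=None):
    """Return the status a hypothetical order resource would send."""
    try:
        read_order_body(stream, content_length)
    except PayloadTooLarge:
        return 413  # Payload Too Large
    return 201  # parsing and order creation would follow here


if __name__ == "__main__":
    for name, body in (("small", SMALL_ORDER), ("large", LARGE_ORDER)):
        print(name, handle_order_post(io.BytesIO(body), len(body)))
```

The size check runs before the XML parser sees a single byte, so a well-formed but enormous order costs the service at most one limit's worth of memory.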