If you wish to quickly SOA-enable your application without transforming the entire application, that can be done using either Invasive or Non-Invasive methods. Service Oriented Architecture doesn't have to be complicated, but it is important to have a clear SOA strategy. While it is indeed possible to use a Web Services wrapper to extend the life of your existing applications, without a clear understanding of the security risks, you could be looking at potential disaster.

What is this technique of taking an existing application and “wrapping it” in a SOA container?

The Wrapper Approach

Let us illustrate this using a case study from the public domain.

Granger Machinery, a manufacturer of heavy and industrial machinery, wanted to use Web Services in the form of a "wrapper" to make its existing inventory and customer database available to other lines of business. The SOA was initiated by allowing a client to send complete SQL statements in the request to the database via the HTTP protocol. The database server would respond by sending the request fulfillment data back to the requestor via the same protocol.

This is what we call a “tightly coupled” design, because it required the requestor to know the implementation details in order to make the SQL call.

One major problem with this approach is that it lacks business context.

The IT team needs to associate a business context—or rules—around the Web services, instead of allowing "dumb" SQL requests. Such rules define who has a right to put in a request to the SQL database and in what situation they can access data. Individuals would then need to be authenticated before accessing the database. This would prevent the database from blindly giving out information, as well as prevent destructive requests from directly accessing the table.

What was the security risk here? The protocol left the relational database susceptible to SQL injection attacks, whereby attackers could potentially bypass the SQL statements defined on a Web Server in order to inject their own statements and cause damage or steal information. The SQL injection problems are caused by two different issues: bad data that gets injected into SQL statements, and bad SQL statements themselves.

The IT team thought that it could reduce this risk by using an anti-injection attack feature in its existing security product. This feature would detect and sanitize SQL statements that were written to perform destructive operations, such as "Drop" or "Delete."

But these injection protection solutions cannot solve the problems of bad data and bad SQL statements. Indeed, the Web services wrapper approach can be dangerous if not undertaken with care, as in this instance.
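The contrast described above, as an added example that is not code from Granger Machinery or from this page: a pass-through wrapper guarded only by a "Drop"/"Delete" keyword filter, next to a wrapper that exposes named business operations with a role check and bound parameters. The table layout, role names, operation names and function names are assumptions made for illustration, and the caller's role is assumed to have been authenticated upstream.

```python
import sqlite3

def make_db():
    """Constructed sample data standing in for the inventory/customer database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE inventory(part TEXT, qty INTEGER);
        CREATE TABLE customers(name TEXT, credit_limit INTEGER);
        INSERT INTO inventory VALUES ('gearbox', 12), ('axle', 3);
        INSERT INTO customers VALUES ('Acme', 50000);
    """)
    return db

BLOCKED = ("drop", "delete")  # the keywords the filter in the case study looked for

def raw_sql_wrapper(db, sql):
    """'Before': the requestor supplies the SQL; only a keyword filter stands in the way."""
    if any(word in sql.lower() for word in BLOCKED):
        raise PermissionError("blocked by keyword filter")
    return db.execute(sql).fetchall()

# 'After': each business operation fixes its SQL text and the roles allowed
# to call it (hypothetical operations and roles).
OPERATIONS = {
    "stock_level": ("SELECT qty FROM inventory WHERE part = ?", {"sales", "warehouse"}),
    "credit_limit": ("SELECT credit_limit FROM customers WHERE name = ?", {"finance"}),
}

def business_wrapper(db, role, operation, arg):
    """Requestor names an operation; SQL never crosses the service boundary."""
    if operation not in OPERATIONS:
        raise LookupError("unknown operation")
    sql, allowed_roles = OPERATIONS[operation]
    if role not in allowed_roles:
        raise PermissionError(f"{role} may not call {operation}")
    # The argument is bound as data, so it cannot change the statement.
    return db.execute(sql, (arg,)).fetchall()
```

The keyword filter has nothing to say about a plain read of the customer table, which is why the rules about who may ask for what have to live in the service itself.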

A Better Approach

While it is true that by applying SOA and Web Service standards, it is possible to quickly achieve reuse and integration goals, a better approach is to have an overall SOA strategy that addresses all foreseeable issues and mitigates security risks.

In the case of Granger Machinery, the company needed to address the following in its SOA strategy:

1. Who should be authorized to access the data?
2. How should they access it?
3. Can and should we prioritize the requests and transactions?

Rushing into the Wrapper approach in an ad hoc manner without answering these questions resulted in a security risk.


Wrapping a service is an excellent way to get reuse out of applications that are already delivering value to your business. It is, therefore, a good way to build a SOA, so long as you have solid IT business alignment. (Governance should ensure that such issues are accounted for and built into the strategy. Policies then will perform the control, with management and run-time governance ensuring these policies are enforced and measured.) Randomly wrapping services, however, can lead to security and performance problems -- inside and outside the organization.

In the end, we must remember that building a SOA is an incremental process. We can start by wrapping services that are working well today and rebuild other SOA services over time. In addition, we can prioritize what to rebuild and what to build from scratch based on the new business opportunities that come our way.

In the final analysis, the Web services wrapper is a great tactical approach for moving toward SOA, but it is not a panacea.
