Showing posts from 2015

Preventing XSS and CSRF vulnerabilities in WSO2 ESB

INTRODUCTION

In this article I will explain how to prevent Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks in WSO2 ESB. First, let me explain what those vulnerabilities are.
What is XSS

Cross-Site Scripting (XSS) is a client-side code injection attack in which an attacker can execute malicious scripts in a legitimate website or web application. XSS is a very common vulnerability in web applications and occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. For example, an attacker can inject a malicious script into an input text field of your web application, and once the form is submitted that malicious script gets executed, leading to catastrophic consequences.
What is Cross-Site Request Forgery (CSRF)

CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on the victim's behalf. For most…

Message Processor Coordination Support in WSO2 ESB

INTRODUCTION

In general, the Message Processor is used to achieve guaranteed delivery, where messages sent to the JMS queue never get lost even if the backend is down. If the backend fails, the message processor keeps retrying to send the message to the endpoint for a specified number of attempts (defaults to 4) and deactivates itself afterward. It never removes the message from the queue until it is dispatched to the backend successfully. The message processor also ensures in-order delivery of messages to the backend. In this article I am going to explain Message Processor coordination support in WSO2 ESB, where we go a step further in order to achieve high availability and scalability. Coordination support of the Message Processor comes into play when you run it in cluster mode. Therefore, we need a cluster setup with one manager and two worker nodes to move on. You may refer to my article [1] to create a cluster setup, which is a necessary prerequisite to f…

WSO2 ESB Worker Manager Cluster without a Load Balancer

INTRODUCTION

In production environments, services are clustered in order to scale up applications, to achieve high availability, or both. By scaling up, the application supports a larger number of user requests, and through high availability the service remains available even if a few servers are down. To balance the load among these servers, a load balancer is used to distribute requests among the nodes in the cluster. The nodes that receive this incoming traffic are a set of backend worker nodes in a worker/manager separated cluster.
The worker/manager setup clearly separates the concerns/responsibilities: the manager node is responsible for management-related activities such as creating, updating and deleting synapse artefacts, while the workers are responsible for serving client requests.
In this article I will elaborate on the steps required to create a WSO2 ESB worker/manager cluster without a load balancer. In a production setup a load balancer comes in handy, but for our testin…