Results 1 to 2 of 2

Thread: SOAP messages and Security

  1. #1
    anuradha_mihsra is offline Intermediate Member
    Join Date
    Jul 2007
    Posts
    17
    Rep Power
    8

    Default SOAP messages and Security

    Hi All,

    If you might recall, I am working on integrating the Zimbra client with our own mail server. The approach that I am following is to write our own integration layer which intercepts the SOAP calls from the client and returns data from our server. I had some questions and would appreciate answers:

    a) How can we turn off features in the zimbra client that our server doesn't support? (for example Documents)
    b) How can we change the look and feel of the zimbra client?
    c) How can I use Zimlets? I need to pass the relevant information in the GetInfo request. How can I install the zimlets alone (w/o installing zimbra server)?
    d) How easy would it be to add a new feature to the zimbra web client?
    e) How secure is the data that is sent over the wire from client end to
    the server? Is the SOAP envelope sent comply with the standards? I find that I can view the user name and password sent in the SOAP request through Firebug. Doesnt sound safe to me!

    TIA

    Anuradha

  2. #2
    dkarp is offline Zimbra Employee
    Join Date
    Aug 2005
    Posts
    1,433
    Rep Power
    12

    Default

    Quote Originally Posted by anuradha_mihsra View Post
    a) How can we turn off features in the zimbra client that our server doesn't support? (for example Documents)
    When you're returning the GetInfo response, make sure to hardcode the zimbraFeatureNotebookEnabled attr to FALSE.

    Quote Originally Posted by anuradha_mihsra View Post
    b) How can we change the look and feel of the zimbra client?
    The Zimbra AJAX client has a model-view-controller architecture broken down by feature. Depending on how much you need to alter, you may have to change 1, 2, or all 3 for a feature to get your changes to work.

    Note that you must comply with the attribution clauses of the ZPL license.

    Quote Originally Posted by anuradha_mihsra View Post
    c) How can I use Zimlets? I need to pass the relevant information in the GetInfo request. How can I install the zimlets alone (w/o installing zimbra server)?
    You're on your own with this one. Zimlets are installed on the Zimbra server -- if you want to do it without the Zimbra server, you've got to roll your own solution.

    Quote Originally Posted by anuradha_mihsra View Post
    d) How easy would it be to add a new feature to the zimbra web client?
    Get a good grip on the Zimbra client architecture and you'll have a decent idea of how hard this will be. It's not trivial, but it's clearly possible.

    Quote Originally Posted by anuradha_mihsra View Post
    e) How secure is the data that is sent over the wire from client end to the server? Is the SOAP envelope sent comply with the standards? I find that I can view the user name and password sent in the SOAP request through Firebug. Doesnt sound safe to me!
    Zimbra allows you to force login over SSL, which provides the security layer that you're missing. You'll have to do the HTTP/HTTPS server-side redirect magic yourself.

    The requests are valid SOAP 1.2, as best I know.
    Last edited by dkarp; 07-31-2007 at 08:27 PM. Reason: Fixed attribute name/value
    Bugzilla - Wiki - Downloads - Before posting... Search!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •