diff --git a/public_html/deployment/classes/sws.class.php b/public_html/deployment/classes/sws.class.php
index 5da960db10976988d6108636fb9dc48f63538909..4833108e56c4bb51463e99fc45fb2af1e3da4683 100644
--- a/public_html/deployment/classes/sws.class.php
+++ b/public_html/deployment/classes/sws.class.php
@@ -103,7 +103,7 @@ class sws {
      * version
      * @var string 
      */
-    private $_sVersion = "0.06 (beta)";
+    private $_sVersion = "0.07 (beta)";
 
     /**
      * title
@@ -166,6 +166,23 @@ class sws {
         return false;
     }
 
+    /**
+     * helper for _parseParams
+     * check if parameter args contain safe chars
+     * @param type $sParamValue
+     * @return boolean
+     */
+    private function _verifyParamValue($sParamValue){
+        $sOKChars='a-z0-9\"\{\}\[\]\.\,\ \:\-\+';
+        if(isset($this->_aParams[$sParamValue])){
+            $sVal=urldecode($this->_aParams[$sParamValue]);
+            if(preg_match('/[^'.$sOKChars. ']/i', $sVal)){
+                $this->_quit("ERROR: parameter $sParamValue=.. contains unsupported character(s): [". preg_replace('/['.$sOKChars. ']/i', '',$sVal)."]");
+            }
+            
+        }
+        return true;
+    }
     /**
      * parse parameters (given GET/ POST is in by _aParams @see setParams)
      *     class  - class to initialize
@@ -176,7 +193,7 @@ class sws {
      */
     private function _parseParams() {
         $aMinParams = array("class", "action");
-        $aMaxParams = array_merge($aMinParams, array("args"));
+        $aMaxParams = array_merge($aMinParams, array("init", "args", "type"));
         $sErrors = '';
 
         // set defaults
@@ -202,7 +219,12 @@ class sws {
                 $sErrors.="- <em>" . $sKey . "</em><br>";
             }
         }
-        // TODO: checkMaxParams
+        // check max Params
+        foreach(array_keys($this->_aParams) as $sKey){
+            if(!in_array($sKey, $aMaxParams)){
+                $this->_quit("ERROR: parameter ". htmlentities($sKey)." is unknown.");
+            }
+        }
         
         // check if classname and action exist in configuration
         if (array_key_exists("class", $this->_aParams)) {
@@ -214,6 +236,9 @@ class sws {
                 $this->_sClassfile = $this->_aKnownClasses["classes"][$this->_aParams["class"]]["file"];
 
                 // get arguments for the method
+                $this->_verifyParamValue("init");
+                $this->_verifyParamValue("args");
+                
                 if (array_key_exists("init", $this->_aParams)) {
                     try {
                         $aTmp = json_decode($this->_aParams["init"], 1);
@@ -222,7 +247,7 @@ class sws {
                     }
                     if (!is_array($aTmp)) {
                         $this->_quit(
-                                'ERROR: wrong request - init value must be a json string<br>'
+                                'ERROR: wrong request - init value must be a json string (in url encoded form)<br>'
                                 . 'examples:<br>'
                                 . '- one arg <code>(...)&init=["my string"]</code><br>'
                                 . '- two args <code>(...)&init=["my string", 123]</code> '
@@ -249,7 +274,7 @@ class sws {
                 }
                 if (!is_array($aTmp)) {
                     $this->_quit(
-                            'ERROR: wrong request - args value must be a json string<br>'
+                            'ERROR: wrong request - args value must be a json string (in url encoded form)<br>'
                             . 'examples:<br>'
                             . '- one arg <code>(...)&args=["my string"]</code><br>'
                             . '- two args <code>(...)&args=["my string", 123]</code> '
@@ -623,7 +648,7 @@ class sws {
         $sClassInit = '<span class="urlvalue">[initparams]</span>';
         $sActionSelect = '<span class="urlvalue">[action]</span>';
         $sParamSelect = '<span class="urlvalue">[parameters]</span>';
-        $sTypeSelect = '<span class="urlvalue">[type: raw|json]</span>';
+        $sTypeSelect = '<span class="urlvalue">[raw|json]</span>';
 
         $sSyntax = sprintf(
                 '<pre>?'
@@ -701,6 +726,9 @@ class sws {
                     . '.warning{ color:#a96; background:#fc8; padding: 0.5em; margin-bottom: 2em; border-left: 4px solid;}'
                     . '.defaultvalue{color: #33c;}'
                 . '</style>'
+                ;
+        if($this->_aOptions["enableGui"]){
+            $sReturn.= ''
                 . '<script>'
                 . 'function toggleDesciption(sId, a){'
                 . 'var o=document.getElementById(sId);'
@@ -781,6 +809,9 @@ class sws {
                     
                   '
                 . '</script>'
+                ;
+        }
+            $sReturn.= ''
                 . '</head>'
                 . '<body>';
 
diff --git a/public_html/webservice/sws-config.json b/public_html/webservice/sws-config.json
index a7b7e3273c59e06c4baf89e8dfb4962564307f84..a2cdf80e167968735114c65e56b12c18bc165851 100644
--- a/public_html/webservice/sws-config.json
+++ b/public_html/webservice/sws-config.json
@@ -1,7 +1,7 @@
 {
     "options": {
         "enableGui": 1,
-        "enableDump": 1
+        "enableDump": 0
     },
     "classes": {
         "Actionlog": {
@@ -9,6 +9,12 @@
             "actions": {
                 "getLogs": {}
             }
+        },
+        "project": {
+            "file": "project.class.php",
+            "actions": {
+                "getProjects": {}
+            }
         }
     }
 }
\ No newline at end of file