OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   RE: SOAP, plague, love

[ Lists Home | Date Index | Thread Index ]
  • From: Eldar Musayev <eldarm@microsoft.com>
  • To: XML-Dev Mailing list <xml-dev@XML.ORG>
  • Date: Fri, 5 May 2000 16:03:38 -0700



I don't understand why we give so much attention to this article.

First, the guy does not completely understand what he is writing about.
The latest worm is not about firewalls, but about human stupidity,
.vbs are executable just like .exe files, and I wonder how many people
would double click .exe file? Probably mail programs should ask
if you really want execute the attachment, just like browsers
do, when you click some link to non-HTML file on Internet,
and I wonder why this feature was not implemented a long time ago
(this is not just Outlook, but other modern mail agents too)

As to SOAP as a back door, excuse me... That's just CGI (well, 
servlet, ASP, whatever...). It does exactly what you want and 
your only concern is to provide it only to whom you want. 
Of course, CGI may be made insecure, is CORBA better? I don't think so.
If SOAP server should serve only intranet, use non-standard port,
if not, CORBA will do the same.

It may be good to be paranoid, when you are security admin and you
have IT director or CEO nearby to kick you, if your paranoia starts 
to cost business, but it's certainly not good to share it with the 
whole world. Sorry, just see no big event in this article. It's
just an entertainment for general public.

Eldar

***************************************************************************
This is xml-dev, the mailing list for XML developers.
To unsubscribe, mailto:majordomo@xml.org&BODY=unsubscribe%20xml-dev
List archives are available at http://xml.org/archives/xml-dev/
***************************************************************************




 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS