   Re: SOAP, plague, love

  • From: Matt Sergeant <matt@sergeant.org>
  • To: Dave Winer <dave@userland.com>
  • Date: Sat, 6 May 2000 11:04:01 +0100 (BST)

On Fri, 5 May 2000, Dave Winer wrote:

> Not running an HTTP server? Then you'll never get one.

So, all new Red Hat Linux installations will though. (I know that's Red
Hat's fault - but the ILOVEYOU virus is MS's fault - but blame doesn't
stop it spreading).

> Can a firewall administrator block SOAP and XML-RPC messages? Absolutely.

Not easily with Linux ipchains firewalls. We're talking 30% of the world's 
web servers here.

As for XML-RPC being only as inherently insecure as CGIs, well that may
be true. But we're still discovering weird security issues with CGIs that
even careful CGI writers have been bitten by (XSS). I await with interest
the XML-RPC/SOAP CERT advisories ;-) While I do mean that humorously (I
hope it never happens) let's not be naive here. XML-RPC is something
new. So was Javascript, and it was also designed to be secure from the
outset. So was Java. All had (have) security bugs.


Fastnet Software Ltd. High Performance Web Specialists
Providing mod_perl, XML, Sybase and Oracle solutions
Email for training and consultancy availability.
http://sergeant.org http://xml.sergeant.org

This is xml-dev, the mailing list for XML developers.