xml-dev - Re: SOAP, plague, love

Re: SOAP, plague, love

[ Lists Home | Date Index | Thread Index ]

From: Ken MacLeod <ken@bitsko.slc.ut.us>
To: <xml-dev@xml.org>
Date: 06 May 2000 09:00:14 -0500

"Dave Winer" <dave@userland.com> writes:

> In fact SOAP and XML-RPC are no more or less secure than CGI scripts.

Noting that CGIs have traditionally been the weakest point in web or
site security.

> When you're putting up public Internet apps, or private ones that people
> could sneak into, remember Murphy's Law and think paranoid.

Exactly.  And one must be paranoid about each particular web app (SOAP
or XML-RPC endpoint) individually.  It's not the protocol, in
particular, that's more or less secure, but each individual
application (client or server) that uses it.  Each application has to
be assessed as to whether or not it has implemented security
precautions (both active (like authentication and authorization) or
passive (data-driven attacks like stack overflows)).

  -- Ken

***************************************************************************
This is xml-dev, the mailing list for XML developers.
To unsubscribe, mailto:majordomo@xml.org&BODY=unsubscribe%20xml-dev
List archives are available at http://xml.org/archives/xml-dev/
***************************************************************************

References:
- Re: SOAP, plague, love
  - From: Matt Sergeant <matt@sergeant.org>
- Re: SOAP, plague, love
  - From: "Dave Winer" <dave@userland.com>

Prev by Date: Re: The complete xml-dev archives are back online
Next by Date: Re: SOAP, plague, love
Previous by thread: RE: SOAP, plague, love
Next by thread: Re: SOAP, plague, love
Index(es):
- Date
- Thread