


   Re: SOAP, plague, love

  • From: Ken MacLeod <ken@bitsko.slc.ut.us>
  • To: <xml-dev@xml.org>
  • Date: 06 May 2000 09:00:14 -0500

"Dave Winer" <dave@userland.com> writes:

> In fact SOAP and XML-RPC are no more or less secure than CGI scripts.

Noting that CGIs have traditionally been the weakest point in web or
site security.

> When you're putting up public Internet apps, or private ones that people
> could sneak into, remember Murphy's Law and think paranoid.

Exactly.  And one must be paranoid about each particular web app (SOAP
or XML-RPC endpoint) individually.  It's not the protocol, in
particular, that's more or less secure, but each individual
application (client or server) that uses it.  Each application has to
be assessed as to whether or not it has implemented security
precautions (both active (like authentication and authorization) and
passive (data-driven attacks like stack overflows)).

  -- Ken

This is xml-dev, the mailing list for XML developers.
To unsubscribe, mailto:majordomo@xml.org&BODY=unsubscribe%20xml-dev
List archives are available at http://xml.org/archives/xml-dev/



Copyright 2001 XML.org. This site is hosted by OASIS