OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   RE: SOAP, plague, love

[ Lists Home | Date Index | Thread Index ]
  • From: Eldar Musayev <eldarm@microsoft.com>
  • To: xml-dev@xml.org
  • Date: Mon, 8 May 2000 09:22:27 -0700



True, when I open the LoveBug worm, I see VBScript source
(and I _have_ Outlook on my computer)
And I think this is more clever than to execute it. 
Is it a sin to be clever?

If we say SOAP is insecure because of incidents like LoveBug,
then we have to declare insecure all email (not just Outlook),
HTML and XML, as well as any internet content and Internet at all.
In fact, that's true, Internet IS insecure, just like car or 
airplane. We may talk, how to make it more secure, but 
labeling insecure particular technology for the sins of the whole 
industry is either paranoid or dishonest. It's like
blaming particular Ford or GM part for accidents made 
by drunk drivers.

Eldar

 > -----Original Message-----
 > From: John Cowan [mailto:cowan@locke.ccil.org]
 > To: edd@usefulinc.com
 > Cc: dave@userland.com; matt@sergeant.org; simonstl@simonstl.com;
 > xml-dev@xml.org
 > Subject: Re: SOAP, plague, love
 > 
 > Edd Dumbill scripsit:
 > 
 > > Coffee's invocation of SOAP here doesn't work for me. I 
 > don't see SOAP
 > > as having "active-content" messages. What is passed is 
 > simply an XML
 > > document.  If you got a SOAP message in your web browser 
 > or your email
 > > client, you'd just see XML, plain and simple.
 > 
 > Sure, and when you open the Love Bug, what you see is Basic 
 > source code
 > in ASCII, plain and simple.  *Anything* can be active content, if the
 > receipient treats it as such.
 > 
 > -- 
 > John Cowan                                   cowan@ccil.org

***************************************************************************
This is xml-dev, the mailing list for XML developers.
To unsubscribe, mailto:majordomo@xml.org&BODY=unsubscribe%20xml-dev
List archives are available at http://xml.org/archives/xml-dev/
***************************************************************************




 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS