Re: HTTP vs. TCP (Re: "Binary XML" proposals)
- From: Benjamin Franz <snowhare@nihongo.org>
- To: xml-dev@lists.xml.org
- Date: Tue, 17 Apr 2001 08:56:58 -0700 (PDT)
On Tue, 17 Apr 2001, Stefan Zier wrote:
> > ...but if you're going to use TCP for RPCs, for God's sake don't use port
> > 80; that's for transferring hypertext. We have 65,000 or so port numbers
> > to choose from. If we use different port numbers for different things,
> > firewall administrators can make networks secure by controlling what does
> > and doesn't get let through. If Web browsing and RPCs all go over the same
> > port, then it's hard to disallow or control RPCs without affecting web
> > browsing.
>
> It's a cat and mouse thing: more and more applications use port 80/HTTP
> because firewall admins only allow web browsing. In return, firewall admins
> move towards application level firewalls (aka proxies) instead of simple
> packet filters. So in the end, both writing applications that are supposed
> to go through firewalls and firewalls that disallow these applications
> become more and more complex and, in general, a bit pain.
It's a generalized thing. Security is good until it becomes enough of a
pain in normal operation that people start routinely circumventing it. The
classic example is 'change password' routines that only allow login
passwords that are difficult to guess - but impossible to remember. So
people put them on sticky notes on their monitor. I've even seen them
programmed into the 'Fn' keys on a keyboard.

Hence 'WebMail', 'WebFTP', 'WebRPC', ....

Ultimately, it isn't a technical issue but a people one. You have
competing interests needing to be satisfied - the interest in a secure IT
infrastructure and interest in getting people's jobs done efficiently.
--
Benjamin Franz