OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   RE: [xml-dev] SOAP-RPC and REST and security

[ Lists Home | Date Index | Thread Index ]

One can expose a security risk naively.  One 
could also only expose a facade or a kind of session 
manager that handles requests and routes them 
appropriately.  One can also take the approach taken by 
some data warehouse models in which a separate server, 
really a separate box, handles the web services.  The 
internal systems which must be secure don't face out. 

Sure, someone can do a stupid thing.  Or, one can 
do a good design, understand best practices, and 
act accordingly.  Same as it ever was.


-----Original Message-----
From: Joshua Allen [mailto:joshuaa@microsoft.com]

Again, I don't understand this.  RPC does not pass code to the server.
The user does not "execute code directly".  The user passes some
parameters, and the server executes whichever code it has been
configured to execute in response.  Same as happens with REST.


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS