xml-dev - RE: [xml-dev] SOAP-RPC and REST and security

RE: [xml-dev] SOAP-RPC and REST and security

[ Lists Home | Date Index | Thread Index ]

To: 'Joshua Allen' <joshuaa@microsoft.com>, xml-dev@lists.xml.org
Subject: RE: [xml-dev] SOAP-RPC and REST and security
From: "Bullard, Claude L (Len)" <clbullar@ingr.com>
Date: Wed, 20 Feb 2002 08:11:37 -0600

One can expose a security risk naively.  One 
could also only expose a facade or a kind of session 
manager that handles requests and routes them 
appropriately.  One can also take the approach taken by 
some data warehouse models in which a separate server, 
really a separate box, handles the web services.  The 
internal systems which must be secure don't face out. 

Sure, someone can do a stupid thing.  Or, one can 
do a good design, understand best practices, and 
act accordingly.  Same as it ever was.

len

-----Original Message-----
From: Joshua Allen [mailto:joshuaa@microsoft.com]

Again, I don't understand this.  RPC does not pass code to the server.
The user does not "execute code directly".  The user passes some
parameters, and the server executes whichever code it has been
configured to execute in response.  Same as happens with REST.

Prev by Date: Re: [xml-dev] Re: [namespaceDocument-8] 14 Theses
Next by Date: Re: [xml-dev] Re: [namespaceDocument-8] 14 Theses
Previous by thread: RE: [xml-dev] SOAP-RPC and REST and security
Next by thread: RE: RE: [xml-dev] SOAP-RPC and REST and security
Index(es):
- Date
- Thread