
   RE: [xml-dev] SOAP-RPC and REST and security

  • To: <zkenyon@swbell.net>,<xml-dev@lists.xml.org>
  • Subject: RE: [xml-dev] SOAP-RPC and REST and security
  • From: "Dare Obasanjo" <dareo@microsoft.com>
  • Date: Wed, 20 Feb 2002 14:11:17 -0800
  • Thread-index: AcG6WlGVVQYHRaceQd+qb8lB2V3dMwAAAzwg
  • Thread-topic: [xml-dev] SOAP-RPC and REST and security

> -----Original Message-----
> From: Zach Kenyon [mailto:zkenyon@swbell.net] 
> Sent: Wednesday, February 20, 2002 1:52 PM
> To: xml-dev@lists.xml.org
> Subject: RE: [xml-dev] SOAP-RPC and REST and security
> 
> > What I'd like to know is WHY he is against SOAP. In the old days I
> > could understand why people didn't want various RPC services exposed
> > on their machines because they were a security risk due to all the
> > buffer overflows and the like that existed in them.
> 
> Right, and we've now managed to eliminate all problems with buffer
> overflows with today's modern software.  Nobody ever uses sprintf anymore.

Your point is lost on me. 

Most people I know writing web applications are smart enough to know not
to write them in C or C++. Most web applications are written in Java,
ASP (VBScript/Jscript), and Perl. None of which I've seen have a problem
with buffer overflows. 

It's one thing to be against clients remotely executing code on a server
and another to scapegoat SOAP in an ill-conceived attempt to garner
negative press towards a misunderstood technology. 

After all, buffer overflows are possible in all web applications written
in unsafe languages. Whether they use SOAP or not is inconsequential. 

-- 
THINGS TO DO IF I BECOME AN EVIL OVERLORD #119
I will not attempt to kill the hero by placing a venomous creature in
his room.
It will just wind up accidentally killing one of my clumsy henchmen
instead.




 
