- To: <zkenyon@swbell.net>,<xml-dev@lists.xml.org>
- Subject: RE: [xml-dev] SOAP-RPC and REST and security
- From: "Dare Obasanjo" <dareo@microsoft.com>
- Date: Wed, 20 Feb 2002 14:11:17 -0800
- Thread-index: AcG6WlGVVQYHRaceQd+qb8lB2V3dMwAAAzwg
- Thread-topic: [xml-dev] SOAP-RPC and REST and security
> -----Original Message-----
> From: Zach Kenyon [mailto:zkenyon@swbell.net]
> Sent: Wednesday, February 20, 2002 1:52 PM
> To: xml-dev@lists.xml.org
> Subject: RE: [xml-dev] SOAP-RPC and REST and security
>
> > What I'd like to know is WHY he is against SOAP. In the old days I
> > could understand why people didn't want various RPC services exposed
> > on their machines because they were a security risk due to all the
> > buffer overflows and the like that existed in them.
>
> Right, and we've now managed to eliminate all problems with buffer overflows
> with today's modern software. Nobody ever uses sprintf anymore.

Your point is lost on me.

Most people I know writing web applications are smart enough to know not
to write them in C or C++. Most web applications are written in Java,
ASP (VBScript/JScript), and Perl. None of which I've seen have a problem
with buffer overflows.

It's one thing to be against clients remotely executing code on a server
and another to scapegoat SOAP in an ill-conceived attempt to garner
negative press towards a misunderstood technology.

After all, buffer overflows are possible in all web applications written
in unsafe languages. Whether they use SOAP or not is inconsequential.

--
THINGS TO DO IF I BECOME AN EVIL OVERLORD #119
I will not attempt to kill the hero by placing a venomous creature in
his room.
It will just wind up accidentally killing one of my clumsy henchmen
instead.