- To: <email@example.com>,<firstname.lastname@example.org>
- Subject: RE: [xml-dev] SOAP-RPC and REST and security
- From: "Dare Obasanjo" <email@example.com>
- Date: Wed, 20 Feb 2002 14:11:17 -0800
> -----Original Message-----
> From: Zach Kenyon [mailto:firstname.lastname@example.org]
> Sent: Wednesday, February 20, 2002 1:52 PM
> To: email@example.com
> Subject: RE: [xml-dev] SOAP-RPC and REST and security
> > What I'd like to know is WHY he is against SOAP. In the old days I
> > could understand why people didn't want various RPC services exposed
> > on their machines because they were a security risk due to all the
> > buffer overflows and the like that existed in them.
> Right, and we've now managed to eliminate all problems with buffer overflows
> with today's modern software. Nobody ever uses sprintf anymore.
Your point is lost on me.
Most people I know writing web applications are smart enough to know not
to write them in C or C++. Most web applications are written in Java,
ASP (VBScript/JScript), and Perl. None of which I've seen have a problem
with buffer overflows.
It's one thing to be against clients remotely executing code on a server
and another to scapegoat SOAP in an ill-conceived attempt to garner
negative press towards a misunderstood technology.
After all, buffer overflows are possible in all web applications written
in unsafe languages. Whether they use SOAP or not is inconsequential.
THINGS TO DO IF I BECOME AN EVIL OVERLORD #119
I will not attempt to kill the hero by placing a venomous creature in
It will just wind up accidentally killing one of my clumsy henchmen