   Re: [xml-dev] SOAP-RPC and REST and security


On Wednesday 20 February 2002 04:38 pm, Michael Brennan wrote:
> > Visibility/discovery. Knowing about something is a privilege. Not
> > even providing a means for discovery is better protection
> > than fending off people trying to break down the door.
>
> Security through obscurity is the worst kind of security there is.

I'm not talking about security via obscurity.... but rather not having 
*any* path to a resource unless explicitly granted it. One is roughly 
akin to ACLs, the other, capabilities.

> Given enough time, someone will always figure out what you are
> trying to hide. There are plenty of well-known case studies of
> security breaches proving that. Just look through the back issues of
> Bruce Schneier's newsletter [1] and you can find plenty of those;
> it's one of his favorite subjects.

Whatever. A resource that is hidden but accessible is different from 
one that is both invisible (literally not visible) and not 
accessible... 
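
The three cases contrasted in the message above (a hidden but accessible resource, an ACL-checked one, and one reachable only through an explicit grant), sketched as an added example that is not part of the original post. The class names, the `probe` helper and the sample resource names are constructed for illustration.

```python
import secrets

class ObscureStore:
    """Hidden but accessible: nothing is listed, yet any caller who guesses the name reads it."""
    def __init__(self):
        self._res = {}
    def put(self, name, data):
        self._res[name] = data
    def get(self, name):
        return self._res[name]

class AclStore:
    """ACL model: a shared namespace, with the caller's identity checked per resource."""
    def __init__(self):
        self._res, self._acl = {}, {}
    def put(self, name, data, readers):
        self._res[name], self._acl[name] = data, set(readers)
    def get(self, user, name):
        if name not in self._res:
            raise KeyError(name)            # "no such resource"
        if user not in self._acl[name]:
            raise PermissionError(name)     # the distinct error confirms the resource exists
        return self._res[name]

class CapStore:
    """Capability model: no names at all; an explicit grant is the only path to the data."""
    def __init__(self):
        self._caps = {}                     # unguessable token -> data
    def grant(self, data):
        cap = secrets.token_urlsafe(32)     # 256 bits from the OS CSPRNG
        self._caps[cap] = data
        return cap
    def revoke(self, cap):
        self._caps.pop(cap, None)
    def get(self, cap):
        if cap not in self._caps:
            raise PermissionError("invalid capability")  # one error for every failure
        return self._caps[cap]

def probe(fn, *args):
    """Return the outcome an outside caller observes: 'ok' or the exception class name."""
    try:
        fn(*args)
        return "ok"
    except Exception as exc:
        return type(exc).__name__
```
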