OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   RE: [xml-dev] SOAP-RPC and REST and security

[ Lists Home | Date Index | Thread Index ]

On 20 Feb 2002, at 14:11, Dare Obasanjo wrote:

> Most people I know writing web applications are smart enough to know not
> to write them in C or C++. 

There are an awful lot of componants ((D)COM(+) as an example) writted in 
C++.  Not to mention the fact that lots of server/middleware/database 
products are written in C/++.

> Most web applications are written in Java,
> ASP (VBScript/Jscript), and Perl. None of which I've seen have a problem
> with buffer overflows. 

Not in and of themselves.  But scripting languages do tend to use things on 
the server that do have problems with buffer overflows.  When's the last time 
you saw a web application implemented wholly in VBScript without the use 
of COM/DNA/CS2K/etc?

> It's one thing to be against clients remotely executing code on a server
> and another to scapegoat SOAP in an ill-conceived attempt to garner
> negative press towards a misunderstood technology. 

I think you've just proven one of Paul's points - REST, as implemented by 
passing URIs around is more widely understood than SOAP.  Why add 
YALayer with all of it retooling requirements into the mix?  Why not build on 
what we already have - and what's already proven to be wildly successful?

SOAP is cool, don't get me wrong.  I just don't see the need to add that 
much more complexity to what boils down to essentially PUT-GET-POST-
DELETE.

> After all, buffer overflows are possible in all web applications written
> in unsafe languages. Whether they use SOAP or not is inconsequential. 

True.  Bugs increase with complexity.  Reduce the complexity.
----------------------------------------------------
Sign Up for NetZero Platinum Today
Only $9.95 per month!
http://my.netzero.net/s/signup?r=platinum&refcd=PT97




 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS