Lists Home |
Date Index |
2/20/2002 8:24:43 PM, Michael Brennan <Michael_Brennan@Allegis.com> wrote:
> I don't see SOAP as having introduced
>anything fundamentally new into the mix in this regard.
Hmmm, that's an interesting point. Maybe the people who worry about
SOAP see it as DCOM minus-minus and the people who don't see
it as CGI plus-plus. I must admit that
when I think of SOAP as a more orderly and flexible way of doing what we do
with CGI/servlets/etc., I kinda like it ... and when I think of it as
a way for naive (or evil) people to enable random jerks on the internet
to execute untrustworthy code remotely, I don't.
Which is it, or is it both? Mechanically, it seems almost certainly true
that anything bad that could be done with SOAP could be done with the
previous generation of web technologies. On the other hand, SOAP is getting
so many power tools hooked up to it that CGI (etc.) never had, so bad
things could happen more quickly and easily. You can cut off your arm
with a handsaw if you really try, but it is SO much easier with
a power saw whether or not you try.
Is that an appropriate analogy? Is the potential security problem we've
been talking about at the tool level rather than the protocol level?
And how likely is it that a semi-competent developer using a modern
web services wizard would "cut his arm off" accidentally?