OASIS Mailing List Archives

   Two sides of SOAP (was RE: [xml-dev] SOAP-RPC and REST and security)


2/20/2002 8:24:43 PM, Michael Brennan <Michael_Brennan@Allegis.com> wrote:

> I don't see SOAP as having introduced
> anything fundamentally new into the mix in this regard.

Hmmm, that's an interesting point.  Maybe the people who worry about 
SOAP see it as DCOM minus-minus and the people who don't see 
it as CGI plus-plus.  I must admit that
when I think of SOAP as a more orderly and flexible way of doing what we do
with CGI/servlets/etc., I kinda like it ... and when I think of it as 
a way for naive (or evil) people to enable random jerks on the internet
to execute untrustworthy code remotely, I don't.

Which is it, or is it both?  Mechanically, it seems almost certainly true
that anything bad that could be done with SOAP could be done with the
previous generation of web technologies.  On the other hand, SOAP is getting 
so many power tools hooked up to it that CGI (etc.) never had, so bad
things could happen more quickly and easily.  You can cut off your arm 
with a handsaw if you really try, but it is SO much easier with
a power saw whether or not you try.

Is that an appropriate analogy?  Is the potential security problem we've
been talking about at the tool level rather than the protocol level?
And how likely is it that a semi-competent developer using a modern
web services wizard would "cut his arm off" accidentally?

Copyright 2001 XML.org. This site is hosted by OASIS