xml-dev - Re: [xml-dev] SOAP-RPC and REST and security

Re: [xml-dev] SOAP-RPC and REST and security

[ Lists Home | Date Index | Thread Index ]

To: Dare Obasanjo <dareo@microsoft.com>
Subject: Re: [xml-dev] SOAP-RPC and REST and security
From: Francis Norton <francis@redrice.com>
Date: Thu, 21 Feb 2002 10:56:36 +0000
Cc: zkenyon@swbell.net, xml-dev@lists.xml.org
References: <8BD7226E07DDFF49AF5EF4030ACE0B7E05573B50@red-msg-06.redmond.corp.microsoft.com>
Reply-to: francis@redrice.com
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2

Dare Obasanjo wrote:

> 
> It's one thing to be against clients remotely executing code on a server
> and another to scapegoat SOAP in an ill-conceived attempt to garner
> negative press towards a misunderstood technology. 
> 
> After all, buffer overflows are possible in all web applications written
> in unsafe languages. Whether they use SOAP or not is inconsequential. 
> 

I would suggest that one of the security advantages of Web Services is that you can specify the lengths and types of all fields using XML Schema, and that you use a robust third-party component to parse and validate the actual data.

Francis.

Follow-Ups:
- Re: [xml-dev] SOAP-RPC and REST and security
  - From: Paul Prescod <paul@prescod.net>

References:
- RE: [xml-dev] SOAP-RPC and REST and security
  - From: "Dare Obasanjo" <dareo@microsoft.com>

Prev by Date: Re: [xml-dev] Traditional RPC
Next by Date: Re: [xml-dev] Re: [namespaceDocument-8] 14 Theses
Previous by thread: RE: [xml-dev] SOAP-RPC and REST and security
Next by thread: Re: [xml-dev] SOAP-RPC and REST and security
Index(es):
- Date
- Thread