[
Lists Home |
Date Index |
Thread Index
]
Dare Obasanjo wrote:
>
> It's one thing to be against clients remotely executing code on a server
> and another to scapegoat SOAP in an ill-conceived attempt to garner
> negative press towards a misunderstood technology.
>
> After all, buffer overflows are possible in all web applications written
> in unsafe languages. Whether they use SOAP or not is inconsequential.
>
I would suggest that one of the security advantages of Web Services is that you can specify the lengths and types of all fields using XML Schema, and that you use a robust third-party component to parse and validate the actual data.
Francis.
|