Lists Home |
Date Index |
On Fri, 31 Jan 2003 11:57:43 -0500, Rich Salz <firstname.lastname@example.org> wrote:
> SOAP over HTTP is architecturally no worse than HTTP POST: both are
> sending data and requesting that a server act upon it.
Yup. Is SOAP in an incompetently designed application and incompetently
administered environment any worse than CGI, ASP, or any other tool for
coupling client processing with server-side code via HTTP?
I *will* grant that the cavalier attitude toward security of the dominant
tool vendors that make it all too easy to expose random bits of code as Web
services is a Bad Thing. I would simply ask that people distinguish SOAP
(the technology) from SOAP (the hype frenzy and all the bad stuff that
follows from it) in a discussion such as this.
Also, note the rapidly evolving definition of "firewall" over the last 10
years or so. It was originally an IP-level source/destination filter, plus
TCP-level port-blocking, then HTTP-level URI-filtering .... but firewalls
are becoming XML/XPath-ware, SOAP-aware, and will surely soon understand
specific SOAP header standards related to security (WS-Security, etc.).