Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

web services security  RSS feed

 
Jim Baiter
Ranch Hand
Posts: 532
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Isn't this sort of an issue for web services that will tunnel on port 80 using SOAP?
http://www.infoworld.com/articles/hn/xml/02/04/03/020403hniss.xml
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13078
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It certainly is an issue. One of the supposed advantages of SOAP over HTTP is that it will get past the firewall - of course, security people don't think this is a good idea.
I don't see why the big flap, after all, a SOAP message is not an independent executable like a virus - if the SOAP service does not provide a method that is a security flaw then nothing can happen except an error message.
Bill
 
Jim Baiter
Ranch Hand
Posts: 532
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've been hearing stuff like DOS, buffer overflow, 2-way trust violations rather than virii. I think some of these arguments come from the perspective of just having *so* much going through 80 rather than aimed specifically at SOAP itself. You have to weigh the pros and cons I guess. There is and never will be a perfect security.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!