Re: SOAP, plague, love

  • From: Tim Bray <tbray@t...>
  • To: <xml-dev@x...>
  • Date: Sat, 06 May 2000 10:19:24 -0700

At 07:54 AM 5/6/00 -0700, Dave Winer wrote:
>>>It's unfortunate Microsoft doesn't consider that an issue.
>You don't know that, in fact I'm sure they do consider all these things
>issues.
...
>... They're
>just people. Many of them are also good technologists, as good as you or I.
>Let's give them a chance to do the right thing.

Well yes, but in this case, they released a scriptable email client full of 
trap-doors and gotchas to the entire world, and encouraged people with 
direct internet connections to use it.  Given that this error has now put
the world through several spells of extreme viral nastiness, it seems to me 
a reasonable reaction to shriek in horror and assert that one way to avoid 
nastiness like that of the last week is to avoid the use of broken email 
clients.

Several people I know who are smart but lack a deep understanding of things
like firewalls and Windows Scripting Host have been using Outlook because
that's what came with the machine; and have been hurt.  So when something
new like XML-RPC/Soap comes along, I think it's perfectly reasonable for
journalists and analysts, who (surprise, surprise) may not be that deep
in their technical perceptions, to ask hard questions to discover what (if 
any) vulnerabilities this opens up.

The answer is: SOAP/XML-RPC can (and will) be used to implement things in 
stupid ways that leave security holes; just like their moral equivalents,
the CGI scripts of the world.  But, unlike for example Outlook, using SOAP
in the default way as provided out of the box is not guaranteed to make
your computer vulnerable to vicious attacks by bored teenagers. -Tim

***************************************************************************
This is xml-dev, the mailing list for XML developers.
To unsubscribe, mailto:majordomo@x...&BODY=unsubscribe%20xml-dev
List archives are available at http://xml.org/archives/xml-dev/
***************************************************************************
