XML-DEV Mailing List Archive

Re: "Uh, what do I need this for" (was RE: XML.COM: How I Learne d toLo
"Champion, Mike" wrote:
>
> and (potentially?) giving a new generation of script kiddies a simple way
> through all the world's firewalls scares hell out of me.
>

Is there a detailed case for this worry? I see two possible problem scenarios:

[a] Does SOAP allow program calls to flow through generic HTTP firewall holes because SOAP is also using HTTP?

I think the answer is no. SOAP on HTTP requires a SOAPAction HTTP header - the message will be rejected without it. I'm not a firewall guru but I understand that this could be used to simply disable SOAP traffic on an otherwise SOAP-unaware firewall.

[b] Does SOAP allow script kiddies new opportunities against intentionally SOAP-enabled firewalls?

Again, I think the answer is no. There are no default SOAP services on machines to be left enabled by accident. The fact that SOAP will normally come in through HTTP means that the rest of the server-side infrastructure should be reasonably well hardened.

[c] Does SOAP prevent application-level or authentication attacks?

I'd say no, by design. It delegates other security issues to SSL and the applications in question. But this isn't really the firewall question you're raising.

Have I overlooked anything obvious?

Francis.
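
The filtering idea in [a], sketched as an added example that is not part of the original message: an HTTP-aware edge filter that keys on the SOAPAction header. The function names, verdict strings and sample requests are constructed for illustration. It goes one step beyond the message by also matching the SOAP 1.2 media type `application/soap+xml`, which carries the action in Content-Type instead of a SOAPAction header.

```python
# Added example: edge filter keyed on SOAPAction (hypothetical names, constructed data).

def parse_head(raw: bytes) -> tuple[str, dict[str, str]]:
    """Return (method, headers) from the head of a raw HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers: dict[str, str] = {}
    last = None
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and last:   # obsolete folded continuation line
            headers[last] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue                           # not a header line, ignore it
        last = name.strip().lower()            # header names are case-insensitive
        headers[last] = value.strip()
    return method, headers

def classify(raw: bytes, allow_soap: bool = False) -> str:
    """Verdict for one request: allow, allow-soap, block-soap or flag-xml-post."""
    method, headers = parse_head(raw)
    ctype = headers.get("content-type", "").split(";", 1)[0].strip().lower()
    # SOAP 1.1 over HTTP announces itself with SOAPAction; SOAP 1.2 with its media type.
    if "soapaction" in headers or ctype == "application/soap+xml":
        return "allow-soap" if allow_soap else "block-soap"
    # XML POST with no SOAPAction: a SOAP 1.1 endpoint rejects it, but log it anyway.
    if method == "POST" and ctype == "text/xml":
        return "flag-xml-post"
    return "allow"

# Constructed sample requests (bodies elided; only the head is inspected).
SOAP11 = (b"POST /quote HTTP/1.1\r\nHost: svc.example\r\n"
          b"Content-Type: text/xml; charset=utf-8\r\n"
          b"soapaction: \"urn:example#GetQuote\"\r\n\r\n<Envelope/>")
SOAP12 = (b"POST /quote HTTP/1.1\r\nHost: svc.example\r\n"
          b"Content-Type: application/soap+xml;\r\n action=\"urn:example#GetQuote\"\r\n\r\n")
XML_POST = (b"POST /feed HTTP/1.1\r\nHost: svc.example\r\n"
            b"Content-Type: text/xml\r\n\r\n<doc/>")
PLAIN_GET = b"GET /index.html HTTP/1.1\r\nHost: svc.example\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("SOAP11", SOAP11), ("SOAP12", SOAP12),
                      ("XML_POST", XML_POST), ("PLAIN_GET", PLAIN_GET)]:
        print(name, classify(req))
```

A filter like this only sees cleartext HTTP; for traffic inside SSL it has to run where the connection is terminated.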