
Re: SOAP-RPC and REST and security


Dare Obasanjo wrote:
> 
> Like I said, your point is lost on me. A SOAP request is typically an
> HTTP POST with XML in the body of request. Many web applications use
> HTTP POST as a means of submitting form data instead of putting it in
> GET request URLs. 

Web applications are *supposed to* use HTTP POST to submit form data.

> ... However until this fairly absurd tangent on XML-DEV I
> have NEVER heard anyone say that if suddenly we convert all web
> forms/applications to use HTTP GET instead of HTTP POST, web
> applications would suddenly be more secure.

GETs versus POSTs are not the issue. The issue is how descriptive the
URI is. For instance, that is what goes in the logfile because that's what
a REST user would consider the equivalent of checking for port scanning
etc. It's also the granularity of control.

SOAP can never provide an equivalent of the Combined Log File format
because it doesn't know what part of the message is most relevant. It
could be the last element. You'd have to log every single message and
use sophisticated XML query techniques to try to figure out which
messages manipulate which logical resources.

REST can easily block off parts of a service to particular users. SOAP
doesn't even have a notion of "parts of a service." Like everything
else, you the application developer have to invent it for yourself in
SOAP.

> I expect that the people who are making the REST is more secure argument
> are primarily trying to promote an agenda instead of thinking critically
> about their statements which is rather unfortunate.

Yeah, I've got Bruce Schneier in my back pocket as a REST advocate.

 Paul Prescod
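
The logging and granularity point in the message above, as an added example that is not part of the original post: it parses Combined Log Format lines and shows that resource-style URIs identify what was touched, while calls to a single SOAP endpoint collapse into one indistinguishable entry. The log lines, user names, paths and the prefix policy are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Combined Log Format (not from the original post).
SAMPLE_LOG = """\
10.0.0.5 - alice [10/Oct/2002:13:55:36 -0700] "GET /accounts/1001/balance HTTP/1.1" 200 512 "-" "client/1.0"
10.0.0.5 - alice [10/Oct/2002:13:55:40 -0700] "PUT /accounts/1001/address HTTP/1.1" 200 128 "-" "client/1.0"
10.0.0.9 - bob [10/Oct/2002:13:56:02 -0700] "GET /admin/users HTTP/1.1" 403 64 "-" "client/1.0"
10.0.0.9 - bob [10/Oct/2002:13:56:05 -0700] "POST /soap/endpoint HTTP/1.1" 200 900 "-" "client/1.0"
10.0.0.9 - bob [10/Oct/2002:13:56:09 -0700] "POST /soap/endpoint HTTP/1.1" 200 870 "-" "client/1.0"
"""

CLF = re.compile(
    r'(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Hypothetical prefix policy: which users may touch which URI subtree.
POLICY = {"/admin/": {"root"}, "/accounts/": {"alice", "root"}}

def parse(log_text):
    """Return one dict per well-formed Combined Log Format line."""
    return [m.groupdict() for m in map(CLF.match, log_text.splitlines()) if m]

def resources_by_user(entries):
    """Distinct (method, URI) pairs per user: all the log can say about 'what'."""
    seen = defaultdict(set)
    for e in entries:
        seen[e["user"]].add((e["method"], e["uri"]))
    return seen

def policy_violations(entries):
    """Requests whose URI falls under a prefix the user is not allowed to use."""
    out = []
    for e in entries:
        for prefix, allowed in POLICY.items():
            if e["uri"].startswith(prefix) and e["user"] not in allowed:
                out.append((e["user"], e["uri"], e["status"]))
    return out

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for user, res in sorted(resources_by_user(entries).items()):
        print(user, sorted(res))
    print("out-of-policy:", policy_violations(entries))
```

Bob's two SOAP calls reduce to a single `POST /soap/endpoint` entry; telling them apart would require the request bodies, which the access log does not hold.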
