Re: RE: SOAP-RPC and REST and security
On Wed, 20 Feb 2002, Mike Champion wrote: > the data gets there by SOAP-RPC, SOAP messaging, REST, CGI, or whatever. > Probably *any* text-based message format (XML or URI) would seriously > constrain a hacker's ability to put nasty code in that overflow. Not so, I'm afraid - it's just as bad. IIS has had a lot of problems with specially written URLs causing havoc... in particular, with text encodings, a whole new class of problem has arisen: Unicode exploits! > The strongest case I could make against SOAP and web security after reading > this thread would be that it is relatively easy for a naive user of > a web service generating wizard to expose some object as a web service > that could be misused by a hacker out on the internet somewhere. Indeed. > Again, > in retrospect, that would be true however the code code invoked, as > a SOAP RPC request, a CGI script, or while processing a REST message. Indeed. ABS -- Alaric B. Snell http://www.alaric-snell.com/ http://RFC.net/ http://www.warhead.org.uk/ Any sufficiently advanced technology can be emulated in software
PURCHASE STYLUS STUDIO ONLINE TODAY!
Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!
Download The World's Best XML IDE!
Accelerate XML development with our award-winning XML IDE - Download a free trial today!
Subscribe in XML format