|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: SOAP-RPC and REST and security
On Tuesday 19 February 2002 10:23 pm, Mike Champion wrote: > So, what's the current thinking about SOAP-RPC as a security risk in > *plausible* scenarios where business services are exposed via SOAP? > And is it generally accepted that a REST-ful worm couldn't happen, > or is this wishful thinking on my part? I guess if you give me PUT > access I could send you a virus that did all sorts of harm, but I'd > still have to [expletive deleted] you into running it ... with RPC, a mechanism > exists for the remote user to execute code directly. Given that most initial RESTful applications will use HTTP, I can't see how they'd be intrinsically any safer than SOAP over HTTP. FWIW. One of the basics of security is the notion of "least privilege" which web services (indeed the web in general) almost explicitly goes against because of the global namespaces.
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||

Cart








