Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] RE: SOAP-RPC and REST and security
 > From: Paul Prescod [mailto:paul@p...] <snip/> > Bruce S. raised a serious technical issue that has not been refuted. > I've documented others in an essay here: > > http://www.prescod.net/rest/security.html > > Let me say again: REST is not a security silver bullet. SOAP services > are not guaranteed to be insecure. > > But specifications and communities can encourage security and make it > easy or discourage it and make it hard. SOAP (whether RPC or > "messaging") does the latter. I fail to see how any of the points raised do not apply equally to web apps being built today by developers using ASP, ColdFusion, PHP, or simple CGI scripts -- with no SOAP involved. The problem I have is that SOAP is being wrongly depicted as somehow making things worse. I don't see how it is making things worse or better; it is just more of the same. And writing articles about supposed security problems intrinsic to SOAP is just contributing to misinformation. If developers are left to belive that their ASP pages or CGI scripts are somehow intrinsically more secure than SOAP, how is that helping? I fail to see what's special about SOAP, here. 
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
