XML Editor - Download a Free Trial >
See What's New >
Buy Now >

[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: SOAP-RPC and REST and security

natura soap
Play the video
On Wed, Feb 20, 2002 at 09:11:13PM -0600, Zach Kenyon wrote:
>On 20 Feb 2002, at 21:58, Amy Lewis wrote:
>> On your *desktop*?  Does your network admin let you run web services
>> exposed to the internet?  Shouldn't he be looking into "would you like
>> fries with that" training, if so?
>
>Umm.  If you run Windows, you by definition run DCOM.  Is your desktop not 
>connected to the internet?  Did you not send this email via SMTP?

I sure did.  The SMTP daemon doesn't accept incoming connections; the
MUA is mutt, running on Debian Linux (testing).  I do have Windows
boxen on the network.  The firewall suppresses any attempt to contact
them, and they aren't allowed to start any conversations unless I
approve of the protocol.

Exposing any consumer-class OS to the internet without taking serious
steps to secure it is asking for trouble, with a near guarantee of
getting it.

The windows box I use at work is highly insecure.  But it isn't
connected to the internet, except through the firewall.  My admin
certainly isn't planning on allowing me to run IIS (or apache, for that
matter) for public consumption.

>> Refuse access, of course.  Just as HTTP doesn't go through to your
>> probably-insecure desktop web server.  Duh.
>
>How, then, does one connect to one's probably insecure desktop web 
>server?  String and tin cans?

Don't.

There's a reason that recent corporate practice places all machines
offering public services (including HTTP and SMTP) in the DMZ.  Those
machines are under threat, and may not be securable.  I've never worked
for a corp that allowed internal desktop machines to offer public
services.  I don't see that having SOAP on the desktop has any chance
of changing that.

Amy!
-- 
Amelia A. Lewis	        amyzing@t...           alicorn@m...
Igne natura renovatur integra.

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
Email
First Name
Last Name
Company
Subscribe in XML format
RSS 2.0
Atom 0.3
 

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.


Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

XML Editor - Download a 15 Day Free Trial Now >
See What's New in Stylus Studio >
Buy Stylus Studio - XML Editor - Now >
Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.