[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: SOAP, plague, love

• From: Matt Sergeant <matt@s...>
• To: Dave Winer <dave@u...>
• Date: Sat, 6 May 2000 11:04:01 +0100 (BST)

On Fri, 5 May 2000, Dave Winer wrote:

> Not running an HTTP server? Then you'll never get one.

So, all new Red Hat linux installations will though. (I know that's Red
Hat's fault - but the ILOVEYOU virus is MS's fault - but blame doesn't
stop it spreading).

> Can a firewall administrator block SOAP and XML-RPC messages? Absolutely.

Not easily with Linux ipchains firewalls. We're talking 30% of the world's 
web servers here.

As for XML-RPC being only as inherently insecure as CGI's, well that may
be true. But we're still discovering wierd security issues with CGI's that
even careful CGI writers have been bitten by (XSS). I await with interest
the XML-RPC/SOAP cert advisories ;-) While I do mean that humorously (I
hope it never happens) let's not be naive here. XML-RPC is something
new. So was Javascript, and it was also designed to be secure from the
outset. So was Java. All had (have) security bugs.

-- 
<Matt/>

Fastnet Software Ltd. High Performance Web Specialists
Providing mod_perl, XML, Sybase and Oracle solutions
Email for training and consultancy availability.
http://sergeant.org http://xml.sergeant.org



***************************************************************************
This is xml-dev, the mailing list for XML developers.
To unsubscribe, mailto:majordomo@x...&BODY=unsubscribe%20xml-dev
List archives are available at http://xml.org/archives/xml-dev/
***************************************************************************

• References:
  • Re: SOAP, plague, love
    • From: "Dave Winer" <dave@u...>

• Prev by Date: Re: strange XML-like spam
• Next by Date: Re: The complete xml-dev archives are back online
• Previous by thread: Re: SOAP, plague, love
• Next by thread: Re: SOAP, plague, love
• Index(es):
  • Date
  • Thread