[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: SOAP, plague, love
"Dave Winer" <dave@u...> writes: > In fact SOAP and XML-RPC are no more or less secure than CGI scripts. Noting that CGIs have traditionally been the weakest point in web or site security. > When you're putting up public Internet apps, or private ones that people > could sneak into, remember Murphy's Law and think paranoid. Exactly. And one must be paranoid about each particular web app (SOAP or XML-RPC endpoint) individually. It's not the protocol, in particular, that's more or less secure, but each individual application (client or server) that uses it. Each application has to be assessed as to whether or not it has implemented security precautions (both active (like authentication and authorization) or passive (data-driven attacks like stack overflows)). -- Ken *************************************************************************** This is xml-dev, the mailing list for XML developers. To unsubscribe, mailto:majordomo@x...&BODY=unsubscribe%20xml-dev List archives are available at http://xml.org/archives/xml-dev/ ***************************************************************************
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|