[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Generality of HTTP
On Monday 21 January 2002 11:15 pm, Paul Prescod wrote: > I don't really know how HTTP makes this any harder than anything > else. At least HTTP has a security model. Security for RPC seems a > very difficult (intractable?) problem. HTTP has a very > understandable but flexible security model. I would say that many > services need nothing more complex than "rwx" ACLs. HTTP isn't intrinsically more insecure except that using HTTP proxies is a well-accepted practise. One part of security are the principals of least-priviledge and least-disclosure (don't give permissions to to more than the minimum, and don't tell anyone about things). The web (internet in general) aren't designed with these explicitly in mind, especially least-disclosure. The infrastructure as it exists is probably "goof enough", but I don't think it's ideal.
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|