Re: RE: SOAP-RPC and REST and security
On Wed, 20 Feb 2002, Mike Champion wrote:

> the data gets there by SOAP-RPC, SOAP messaging, REST, CGI, or whatever.
> Probably *any* text-based message format (XML or URI) would seriously
> constrain a hacker's ability to put nasty code in that overflow.

Not so, I'm afraid - it's just as bad. IIS has had a lot of problems with specially written URLs causing havoc... in particular, with text encodings, a whole new class of problem has arisen: Unicode exploits!

> The strongest case I could make against SOAP and web security after reading
> this thread would be that it is relatively easy for a naive user of
> a web service generating wizard to expose some object as a web service
> that could be misused by a hacker out on the internet somewhere.

Indeed.

> Again,
> in retrospect, that would be true however the code code invoked, as
> a SOAP RPC request, a CGI script, or while processing a REST message.

Indeed.

ABS

--
Alaric B. Snell
http://www.alaric-snell.com/ http://RFC.net/ http://www.warhead.org.uk/
Any sufficiently advanced technology can be emulated in software
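The point about text encodings in the message above, as an added example that is not part of the original post: a server-side check that decodes a URL path once, with a strict UTF-8 decoder, and validates only the decoded form. The names `canonical_path`, `verdict` and `RejectedPath` and the sample paths are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote_to_bytes


class RejectedPath(ValueError):
    """Raised when a request path fails canonicalization."""


def canonical_path(raw_path: str) -> str:
    """Percent-decode a URL path once, strictly, then validate the result."""
    if not raw_path.isascii():
        raise RejectedPath("raw path must be ASCII")
    decoded = unquote_to_bytes(raw_path)
    try:
        # The strict codec rejects overlong forms such as C0 AF, a two-byte
        # spelling of "/" that RFC 3629 forbids.
        text = decoded.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        raise RejectedPath("invalid UTF-8: " + exc.reason) from exc
    # A "%" left after one decoding pass means double encoding or a malformed
    # escape. Conservative choice: a literal "%" in a path is refused as well.
    if "%" in text:
        raise RejectedPath("percent sign survives decoding")
    if "\x00" in text or "\\" in text:
        raise RejectedPath("NUL or backslash in path")
    if not text.startswith("/"):
        raise RejectedPath("path must be absolute")
    # The traversal check runs on the decoded text, the form later layers see.
    if ".." in text.split("/"):
        raise RejectedPath("dot-dot segment")
    return posixpath.normpath(text)


def verdict(raw_path: str) -> str:
    """Return the canonical path, or 'REJECTED: <reason>'."""
    try:
        return canonical_path(raw_path)
    except RejectedPath as exc:
        return "REJECTED: " + str(exc)


if __name__ == "__main__":
    # Constructed sample request paths.
    for sample in ("/docs/caf%C3%A9/./index.html", "/scripts/..%c0%af../x",
                   "/a/%2e%2e/b", "/a/%252e%252e/b"):
        print(sample, "->", verdict(sample))
```

A filter that inspects the raw string before decoding sees no dot-dot segment in the last two samples and no second slash sequence in the overlong one, which is why the checks here run after decoding.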