From: Jason Renard (jason.renard_at_mail.com)
Date: Wed Oct 09 2002 - 02:08:11 CDT


    I've heard lots of scary stories about SOAP, in particular because it has some form of RPC functionality and doesn't have its own built-in security, but I've not seen much detailing the real risks. After all, with HTTP connections to back-end applications you can do a lot of damage too (especially with some ASP pages or with CGI scripts). I get the feeling that allowing RPC (for example on Unix systems) is a 'system exposure', but I'm wondering whether allowing SOAP is just an 'application exposure' in which case what's the difference between that and parameter-driven CGI scripts? And how about allowing SOAP for the purposes of 'Web services' together with SAML or some other authentication mechanism? I, too, am wary of SOAP but I'd like to try and put the risks in context so any pointers to good reading material would be appreciated!

    Jason


    _______________________________________________ ISSforum mailing list ISSforumiss.net