
  • To: <zkenyon@s...>,<xml-dev@l...>
  • Subject: RE: SOAP-RPC and REST and security
  • From: "Dare Obasanjo" <dareo@m...>
  • Date: Wed, 20 Feb 2002 14:11:17 -0800
  • Thread-index: AcG6WlGVVQYHRaceQd+qb8lB2V3dMwAAAzwg
  • Thread-topic: SOAP-RPC and REST and security

> -----Original Message-----
> From: Zach Kenyon [mailto:zkenyon@s...] 
> Sent: Wednesday, February 20, 2002 1:52 PM
> To: xml-dev@l...
> Subject: RE:  SOAP-RPC and REST and security
> 
> > What I'd like to know is WHY he is against SOAP. In the old days I
> > could understand why people didn't want various RPC services exposed
> > on their machines because they were a security risk due to all the
> > buffer overflows and the like that existed in them.
> 
> Right, and we've now managed to eliminate all problems with buffer
> overflows with today's modern software.  Nobody ever uses sprintf anymore.

Your point is lost on me. 

Most people I know writing web applications are smart enough to know not
to write them in C or C++. Most web applications are written in Java,
ASP (VBScript/JScript), and Perl. None of which I've seen have a problem
with buffer overflows. 

It's one thing to be against clients remotely executing code on a server
and another to scapegoat SOAP in an ill-conceived attempt to garner
negative press towards a misunderstood technology. 

After all, buffer overflows are possible in all web applications written
in unsafe languages. Whether they use SOAP or not is inconsequential. 

-- 
THINGS TO DO IF I BECOME AN EVIL OVERLORD #119
I will not attempt to kill the hero by placing a venomous creature in
his room.
It will just wind up accidentally killing one of my clumsy henchmen
instead.
