  • To: <francis@r...>
  • Subject: RE: SOAP-RPC and REST and security
  • From: "Uther, James" <James.Uther@F...>
  • Date: Thu, 21 Feb 2002 15:29:57 +0200
  • Cc: <xml-dev@l...>
  • Thread-index: AcG6xu9vD8nPPCjyRe+flCwG+UynKgAFC1+A
  • Thread-topic: SOAP-RPC and REST and security

>From: Francis Norton [mailto:francis@r...]
>> 
>> It's one thing to be against clients remotely executing code on a server
>> and another to scapegoat SOAP in an ill-conceived attempt to garner
>> negative press towards a misunderstood technology. 
>> 
>> After all, buffer overflows are possible in all web applications written
>> in unsafe languages. Whether they use SOAP or not is inconsequential. 
>
>I would suggest that one of the security advantages of Web 
>Services is that you can specify the lengths and types of all 
>fields using XML Schema, and that you use a robust third-party 
>component to parse and validate the actual data.
>

How is this different from REST, where an XML document of a specified type
may be POSTed to a URL and parsed there, probably by the same parser? Well,
one difference is that SOAP adds a bunch of complexity with no benefit.
That's never good for security.

james

-- 
James Uther                   www.F-Secure.com
Senior Software Engineer  F-Secure Corporation  

        Securing the Mobile Enterprise
