Peter wrote: > In TR-69 domain, messages are text-based SOAP envelopes carried in HTTP 1.1 > messages. The messages are always of text/html type and normally > syntactically terminated by </soap:Envelope> tag. > > If you would argue with "what if the soap msg has syntax errors or the end > tag got lost?", i would say it is the same situation as "what if a http msg > has a Content-Length header with incorrect msg body length?". The difference is that HTTP message boundaries (Content-Length etc.) and <soap:Envelope> are normally parsed by different software. Message boundaries are parsed by proxies, and those should not have any knowlege of <soap:Envelope> or other non-HTTP message boundary terminators. Message boundaries are also often parsed by generic HTTP agents, before passing individual messages to specific applications. > In any situation, the receiver should be able to recover from error input. If HTTP message boundaries aren't clear, it opens a whole bunch of security holes. Especially, connections from proxies may carry messages from multiple unrelated users at the same time. -- JamieReceived on Sunday, 25 January 2009 19:49:07 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:38:35 GMT