
RE: XML Protocols Shakedown

From: Wetzel, Baylor <Baylor.Wetzel@bestbuy.com>
Date: Mon, 22 May 2000 17:48:05 -0500
Message-ID: <1D97DF8321C5D311A54D0008C791DAF80131F85B@cs12mail.bestbuy.com>
To: xml-dist-app@w3.org
>Is there something specific about XML schemas that raises a security issue?

Well, there is always that security uh-oh response to the idea of purposely
setting up a corporate Web site to allow anyone on the Internet to invoke
processes on their servers.

Ex. - I set up a site to sell TVs. A server behind the firewall has an
object called Order with a method called ProcessOrder(Properties Customer,
Boolean HasBeenPaidFor). That object has a SOAP interface. Now anyone in the
entire world who knows the URL and interface can order themselves a big
screen TV.

Of course, I can try to protect that. Look at the poster's IP address, pass
authentication tickets, use non-standard ports, etc. But history tells us
that if you claim no one can break in, someone will find a way.

software poet and ai guy
Best Buy->IS->EIC->Enterprise Architecture & Integration
Area: artificial intelligence, system integration, object modeling, system
architecture, R&D
Research Area: virtual employees (virtual sales agents, customer service
reps, etc.)
"If you don't pay attention to every little detail, you miss most of the
> Direct:  612.324.0445
Received on Monday, 22 May 2000 18:48:09 UTC
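
Added example, not part of the original message or of any Best Buy code: the ProcessOrder interface from the post next to a version that checks an authentication ticket and looks up payment status on the server instead of accepting it from the caller. The key, ledger, ticket scheme and function names are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data (assumptions, not from the post).
TICKET_KEY = b"constructed-demo-key"      # secret held only by the server
LEDGER = {                                 # order id -> (customer id, paid?)
    "order-1001": ("cust-1", True),
    "order-1002": ("cust-1", False),
    "order-2001": ("cust-2", True),
}


def issue_ticket(customer_id: str) -> str:
    """Hypothetical authentication ticket: HMAC over the customer id."""
    return hmac.new(TICKET_KEY, customer_id.encode(), hashlib.sha256).hexdigest()


def process_order_as_posted(customer: dict, has_been_paid_for: bool) -> str:
    """The interface from the post: the caller asserts payment itself."""
    return "SHIP" if has_been_paid_for else "HOLD"


def process_order_checked(customer: dict, order_id: str, ticket: str) -> str:
    """Payment status is never an input; it comes from the server's ledger."""
    customer_id = str(customer.get("id", ""))
    expected = issue_ticket(customer_id).encode()
    # Constant-time comparison; encode so non-ASCII input cannot raise.
    if not hmac.compare_digest(expected, ticket.encode()):
        return "REJECT"                    # caller is not who they claim to be
    owner, paid = LEDGER.get(order_id, (None, False))
    if owner != customer_id:
        return "REJECT"                    # order belongs to someone else
    return "SHIP" if paid else "HOLD"


if __name__ == "__main__":
    me = {"id": "cust-1"}
    # Any caller of the posted interface decides the outcome.
    print(process_order_as_posted(me, True))
    # The checked version ignores what the caller claims about payment.
    print(process_order_checked(me, "order-1002", issue_ticket("cust-1")))
    print(process_order_checked(me, "order-1001", "forged"))
```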
