- From: Larry Cable <larry.cable@sun.com>
- Date: Mon, 22 May 2000 16:10:17 -0700
- To: Andrew Layman <andrewl@microsoft.com>
- CC: xml-dist-app@w3.org
- Message-ID: <3929BE58.F581A8F@sun.com>
Andrew Layman wrote:

> Help me, please, to understand how this is specific to XML schemas.

it isn't ...

>
> -----Original Message-----
> From: Wetzel, Baylor [mailto:Baylor.Wetzel@bestbuy.com]
> Sent: Monday, May 22, 2000 3:48 PM
> To: xml-dist-app@w3.org
> Subject: RE: XML Protocols Shakedown
>
> >Is there something specific about XML schemas that raises a security issue?
>
> Well, there is always that security uh-oh response to the idea of purposely
> setting up a corporate Web site to allow anyone on the Internet to invoke
> processes on their servers
>
> Ex. - i set up a site to sell TVs. A server behind the firewall has an
> object called Order with a method called ProcessOrder(Properties Customer,
> Boolean HasBeenPaidFor). That object has a SOAP interface. Now anyone in the
> entire world who knows the URL and interface can order themselves a big
> screen TV
>
> Of course, i can try to protect that. Look at the poster's IP address, pass
> authentication tickets, use non-standard ports, etc. But history tells us
> that if you claim no one can break in, someone will find a way
>
> -b
> ----------------------------------------------------------------------------
> ----------------------------------
> baylor
> software poet and ai guy
> Best Buy->IS->EIC->Enterprise Architecture & Integration
> Area: artificial intelligence, system integration, object modeling, system
> architecture, R&D
> Research Area: virtual employees (virtual sales agents, customer service
> reps, etc.)
> "If you don't pay attention to every little detail, you miss most of the
> jokes"
>
> Direct: 612.324.0445
> <fnord>
Received on Monday, 22 May 2000 19:10:53 UTC
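
Added example, not part of the original message or of any code from its authors: the quoted `ProcessOrder(Customer, HasBeenPaidFor)` interface, where the caller asserts payment, next to a form that authenticates the caller with a ticket and reads ownership and payment state from server-side records. The key, order table, function names and the simplified ticket (an HMAC over the customer id, with no expiry) are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo data; every name below is hypothetical, not from the thread.
TICKET_KEY = b"constructed-demo-key"
ORDERS = {  # server-side record of who placed each order and whether it is paid
    "order-1001": {"customer": "c-17", "paid": True},
    "order-1002": {"customer": "c-17", "paid": False},
}


def issue_ticket(customer_id: str) -> str:
    """Ticket handed to a customer after login: HMAC-SHA256 over the customer id."""
    return hmac.new(TICKET_KEY, customer_id.encode(), hashlib.sha256).hexdigest()


def process_order_naive(customer: dict, has_been_paid_for: bool) -> str:
    """Interface as described in the post: the caller asserts payment."""
    return "SHIPPED" if has_been_paid_for else "AWAITING_PAYMENT"


def process_order_checked(customer: dict, order_id: str, ticket: str) -> str:
    """Authenticate the caller, then read ownership and payment server-side."""
    customer_id = str(customer.get("id", ""))
    expected = issue_ticket(customer_id)
    # Compare as bytes so a non-ASCII ticket is rejected instead of raising.
    if not hmac.compare_digest(expected.encode(), ticket.encode()):
        return "REJECTED"
    order = ORDERS.get(order_id)
    if order is None or order["customer"] != customer_id:
        return "REJECTED"
    return "SHIPPED" if order["paid"] else "AWAITING_PAYMENT"


if __name__ == "__main__":
    print(process_order_naive({"id": "anyone"}, True))
    good = issue_ticket("c-17")
    print(process_order_checked({"id": "c-17"}, "order-1001", good))
    print(process_order_checked({"id": "c-17"}, "order-1002", good))
    print(process_order_checked({"id": "c-17"}, "order-1001", "forged"))
```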