
Re: XML Protocols Shakedown

From: Larry Cable <larry.cable@sun.com>
Date: Mon, 22 May 2000 16:10:17 -0700
Message-ID: <3929BE58.F581A8F@sun.com>
To: Andrew Layman <andrewl@microsoft.com>
CC: xml-dist-app@w3.org
Andrew Layman wrote:

> Help me, please, to understand how this is specific to XML schemas.

it isn't ...

>
>
> -----Original Message-----
> From: Wetzel, Baylor [mailto:Baylor.Wetzel@bestbuy.com]
> Sent: Monday, May 22, 2000 3:48 PM
> To: xml-dist-app@w3.org
> Subject: RE: XML Protocols Shakedown
>
> >Is there something specific about XML schemas that raises a security issue?
>
> Well, there is always that security uh-oh response to the idea of purposely
> setting up a corporate Web site to allow anyone on the Internet to invoke
> processes on their servers
>
> Ex. - i set up a site to sell TVs. A server behind the firewall has an
> object called Order with a method called ProcessOrder(Properties Customer,
> Boolean HasBeenPaidFor). That object has a SOAP interface. Now anyone in the
> entire world who knows the URL and interface can order themselves a big
> screen TV
>
> Of course, i can try to protect that. Look at the poster's IP address, pass
> authentication tickets, use non-standard ports, etc. But history tells us
> that if you claim no one can break in, someone will find a way
>
> -b
> ----------------------------------------------------------------------------
> ----------------------------------
> baylor
> software poet and ai guy
> Best Buy->IS->EIC->Enterprise Architecture & Integration
> Area: artificial intelligence, system integration, object modeling, system
> architecture, R&D
> Research Area: virtual employees (virtual sales agents, customer service
> reps, etc.)
> "If you don't pay attention to every little detail, you miss most of the
> jokes"
> > Direct:  612.324.0445
> <fnord>

Received on Monday, 22 May 2000 19:10:53 GMT
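An added illustration, not part of the original messages: the `ProcessOrder(Customer, HasBeenPaidFor)` interface from the quoted example, next to a handler that authenticates the caller and takes the payment status from a server-side record instead of from the request. The ledger, the caller key table, the HMAC-based ticket and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac

# Constructed sample data: a server-side payment record and per-caller keys.
PAYMENT_LEDGER = {"order-1001": "settled", "order-1002": "pending"}
CALLER_KEYS = {"store-frontend": b"constructed-demo-key"}


def process_order_naive(customer, has_been_paid_for):
    """Interface as described in the message: the remote caller asserts payment."""
    return "shipped" if has_been_paid_for else "held"


def make_ticket(caller_id, order_id, key):
    """Hypothetical authentication ticket: HMAC over caller id and order id."""
    msg = f"{caller_id}|{order_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def process_order_checked(caller_id, order_id, ticket, has_been_paid_for=None):
    """Authenticate the caller, then decide from the server's own record.

    has_been_paid_for is accepted only for interface compatibility; it is
    never consulted, because it arrives from outside the trust boundary.
    """
    key = CALLER_KEYS.get(caller_id)
    if key is None:
        return "rejected: unknown caller"
    expected = make_ticket(caller_id, order_id, key)
    # Constant-time comparison of the presented ticket with the expected one.
    if not hmac.compare_digest(expected.encode(), ticket.encode()):
        return "rejected: bad ticket"
    if PAYMENT_LEDGER.get(order_id) != "settled":
        return "held"
    return "shipped"


if __name__ == "__main__":
    key = CALLER_KEYS["store-frontend"]
    print(process_order_naive({"name": "anyone"}, True))
    ticket = make_ticket("store-frontend", "order-1002", key)
    print(process_order_checked("store-frontend", "order-1002", ticket, True))
```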
