W3C home > Mailing lists > Public > xml-dist-app@w3.org > January 2006

Re: Action Item - Part I: WSRX and MEP signaling on the wire (clarification)

From: Mark Baker <distobj@acm.org>
Date: Thu, 12 Jan 2006 17:28:24 -0500
Message-ID: <c70bc85d0601121428o31333e65t2dddf7be841a43ae@mail.gmail.com>
To: David Hull <dmh@tibco.com>
Cc: xml-dist-app@w3.org

On 1/11/06, David Hull <dmh@tibco.com> wrote:
> > still impact HTTP intermediaries, in particular in this case,
> > firewalls, which require knowing what's a request and what's a
> > response to do their job properly. Consider that if SOAP requests
> > could arrive as HTTP responses (PAOS anyone?), that this would be a
> > serious security problem.
>
>  At the risk of sounding repetitious, what do you see as the security (or
> other) problem?

Well, the job of the firewall is to restrict access to services
situated behind it, which it does by, amoungst other things, limiting
the kinds of requests that can be made of these services.  In order to
be able to do that, it has to be able to identify all messages which
are requests.  Now, if a request is tunneled through a response, then
it will not see it, thereby enabling that request to bypass the access
restrictions that the firewall is applying (or trying to).

Mark.
Received on Thursday, 12 January 2006 22:28:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:21 GMT