- From: Wetzel, Baylor <Baylor.Wetzel@bestbuy.com>
- Date: Mon, 22 May 2000 17:48:05 -0500
- To: xml-dist-app@w3.org
>Is there something specific about XML schemas that raises a security issue? Well, there is always that security uh-oh response to the idea of purposely setting up a corporate Web site to allow anyone on the Internet to invoke processes on their servers Ex. - i set up a site to sell TVs. A server behind the firewall has an object called Order with a method called ProcessOrder(Properties Customer, Boolean HasBeenPaidFor). That object has a SOAP interface. Now anyone in the entire world who knows the URL and interface can order themselves a big screen TV Of course, i can try to protect that. Look at the poster's IP address, pass authentication tickets, use non-standard ports, etc. But history tells us that if you claim no one can break in, someone will find a way -b ---------------------------------------------------------------------------- ---------------------------------- baylor software poet and ai guy Best Buy->IS->EIC->Enterprise Architecture & Integration Area: artificial intelligence, system integration, object modeling, system architecture, R&D Research Area: virtual employees (virtual sales agents, customer service reps, etc.) "If you don't pay attention to every little detail, you miss most of the jokes" > Direct: 612.324.0445 <fnord>
Received on Monday, 22 May 2000 18:48:09 UTC