RE: XML Protocols Shakedown

>Is there something specific about XML schemas that raises a security issue?


Well, there is always that security uh-oh response to the idea of purposely
setting up a corporate Web site to allow anyone on the Internet to invoke
processes on their servers

Ex. - i set up a site to sell TVs. A server behind the firewall has an
object called Order with a method called ProcessOrder(Properties Customer,
Boolean HasBeenPaidFor). That object has a SOAP interface. Now anyone in the
entire world who knows the URL and interface can order themselves a big
screen TV

Of course, i can try to protect that. Look at the poster's IP address, pass
authentication tickets, use non-standard ports, etc. But history tells us
that if you claim no one can break in, someone will find a way

-b
----------------------------------------------------------------------------
----------------------------------
baylor
software poet and ai guy
Best Buy->IS->EIC->Enterprise Architecture & Integration
Area: artificial intelligence, system integration, object modeling, system
architecture, R&D
Research Area: virtual employees (virtual sales agents, customer service
reps, etc.)
"If you don't pay attention to every little detail, you miss most of the
jokes"
> Direct:  612.324.0445
<fnord>

Received on Monday, 22 May 2000 18:48:09 UTC