- From: Andrew Layman <andrewl@microsoft.com>
- Date: Mon, 22 May 2000 16:07:28 -0700
- To: xml-dist-app@w3.org
Help me, please, to understand how this is specific to XML schemas.

-----Original Message-----
From: Wetzel, Baylor [mailto:Baylor.Wetzel@bestbuy.com]
Sent: Monday, May 22, 2000 3:48 PM
To: xml-dist-app@w3.org
Subject: RE: XML Protocols Shakedown

>Is there something specific about XML schemas that raises a security issue?

Well, there is always that security uh-oh response to the idea of purposely setting up a corporate Web site to allow anyone on the Internet to invoke processes on their servers.

Ex. - i set up a site to sell TVs. A server behind the firewall has an object called Order with a method called ProcessOrder(Properties Customer, Boolean HasBeenPaidFor). That object has a SOAP interface. Now anyone in the entire world who knows the URL and interface can order themselves a big screen TV.

Of course, i can try to protect that. Look at the poster's IP address, pass authentication tickets, use non-standard ports, etc. But history tells us that if you claim no one can break in, someone will find a way.

-b

--------------------------------------------------------------------------------
baylor
software poet and ai guy
Best Buy->IS->EIC->Enterprise Architecture & Integration
Area: artificial intelligence, system integration, object modeling, system architecture, R&D
Research Area: virtual employees (virtual sales agents, customer service reps, etc.)
"If you don't pay attention to every little detail, you miss most of the jokes"
> Direct: 612.324.0445
<fnord>
Received on Monday, 22 May 2000 19:08:04 UTC
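
The design concern in the quoted message, shown as an added example that is not part of the original thread or any poster's code: a handler that trusts the caller-supplied HasBeenPaidFor argument, next to one that authenticates the caller and takes payment state from server-side records. Only ProcessOrder, Customer and HasBeenPaidFor come from the message; the envelope layout, OrderId, Ticket, the lookup tables and all function names are assumptions.

```python
# Added illustration. Only ProcessOrder, Customer and HasBeenPaidFor come from
# the message; every other name and value here is hypothetical.
import hmac
import xml.etree.ElementTree as ET  # for untrusted XML, prefer a hardened parser

# Constructed sample request: the caller asserts its own payment status.
REQUEST = """<Envelope><Body><ProcessOrder>
  <Customer>alice</Customer><OrderId>1001</OrderId>
  <HasBeenPaidFor>true</HasBeenPaidFor>
  <Ticket>not-a-real-ticket</Ticket>
</ProcessOrder></Body></Envelope>"""

# Constructed server-side state: payment records and per-customer tickets.
PAYMENTS = {("alice", "1001"): False, ("bob", "1002"): True}
TICKETS = {"alice": "t-alice-7f3c", "bob": "t-bob-91aa"}


def parse(xml_text):
    """Return the ProcessOrder arguments as a dict of tag -> text."""
    call = ET.fromstring(xml_text).find("./Body/ProcessOrder")
    return {child.tag: (child.text or "").strip() for child in call}


def process_order_trusting(xml_text):
    """Interface as described in the message: ships when the caller says it paid."""
    args = parse(xml_text)
    return "shipped" if args.get("HasBeenPaidFor") == "true" else "rejected"


def process_order_checked(xml_text):
    """Authenticate the caller, then decide payment from server-side records."""
    args = parse(xml_text)
    customer, order = args.get("Customer", ""), args.get("OrderId", "")
    expected = TICKETS.get(customer)
    supplied = args.get("Ticket", "")
    if expected is None or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return "rejected: unauthenticated"
    # The caller-supplied HasBeenPaidFor value is deliberately ignored.
    if not PAYMENTS.get((customer, order), False):
        return "rejected: unpaid"
    return "shipped"


if __name__ == "__main__":
    print(process_order_trusting(REQUEST))  # caller's claim is accepted
    print(process_order_checked(REQUEST))   # ticket check fails first
```
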