Re: XML Protocols Shakedown

Andrew Layman wrote:

> Help me, please, to understand how this is specific to XML schemas.

it is'nt ...

> -----Original Message-----
> From: Wetzel, Baylor []
> Sent: Monday, May 22, 2000 3:48 PM
> To:
> Subject: RE: XML Protocols Shakedown
> >Is there something specific about XML schemas that raises a security issue?
> Well, there is always that security uh-oh response to the idea of purposely
> setting up a corporate Web site to allow anyone on the Internet to invoke
> processes on their servers
> Ex. - i set up a site to sell TVs. A server behind the firewall has an
> object called Order with a method called ProcessOrder(Properties Customer,
> Boolean HasBeenPaidFor). That object has a SOAP interface. Now anyone in the
> entire world who knows the URL and interface can order themselves a big
> screen TV
> Of course, i can try to protect that. Look at the poster's IP address, pass
> authentication tickets, use non-standard ports, etc. But history tells us
> that if you claim no one can break in, someone will find a way
> -b
> ----------------------------------------------------------------------------
> ----------------------------------
> baylor
> software poet and ai guy
> Best Buy->IS->EIC->Enterprise Architecture & Integration
> Area: artificial intelligence, system integration, object modeling, system
> architecture, R&D
> Research Area: virtual employees (virtual sales agents, customer service
> reps, etc.)
> "If you don't pay attention to every little detail, you miss most of the
> jokes"
> > Direct:  612.324.0445
> <fnord>

Received on Monday, 22 May 2000 19:10:53 UTC