Bruce Schneier rips SOAP

Date view Thread view Subject view Author view

From: Adam L. Beberg (beberg@mithral.com)
Date: Sat Jun 17 2000 - 05:30:17 PDT


Maybe Bruce pointing out a bad thing will get someone to listen...
but probably not.

http://www.counterpane.com/crypto-gram-0006.html

"It's basically remote procedure calls (RPC) implemented via HTTP with
XML content. Because no security is required in either HTTP, XML, or
SOAP, it's a pretty simple bet that different people will bungle any
embedded security in different ways, leading to different holes on
different implementations. SOAP is going to open up a whole new avenue
for security vulnerabilities."

- Adam L. Beberg
  Mithral Communications & Design, Inc.
  The Cosm Project - http://cosm.mithral.com/
  beberg@mithral.com - http://www.iit.edu/~beberg/


Date view Thread view Subject view Author view

This archive was generated by hypermail 2b29 : Mon Jun 19 2000 - 14:52:04 PDT