From: Adam L. Beberg (beberg@mithral.com)
Date: Sat Jun 17 2000 - 05:30:17 PDT
Maybe Bruce pointing out a bad thing will get someone to listen...
but probably not.
http://www.counterpane.com/crypto-gram-0006.html
"It's basically remote procedure calls (RPC) implemented via HTTP with
XML content. Because no security is required in either HTTP, XML, or
SOAP, it's a pretty simple bet that different people will bungle any
embedded security in different ways, leading to different holes on
different implementations. SOAP is going to open up a whole new avenue
for security vulnerabilities."
- Adam L. Beberg
Mithral Communications & Design, Inc.
The Cosm Project - http://cosm.mithral.com/
beberg@mithral.com - http://www.iit.edu/~beberg/
This archive was generated by hypermail 2b29 : Mon Jun 19 2000 - 14:52:04 PDT