Archive of UserLand's first discussion group, started October 5, 1998.

Re: No more dangerous than a soup recipe?

Author: Ken MacLeod
Posted: 5/7/2000; 6:48:08 AM
Topic: scriptingNews outline for 5/6/2000
Msg #: 17088 (In response to 17082)
Prev/Next: 17087 / 17089

Which transport is being used is not important; what's important is that Web-scale apps built on SOAP are going to want/need to implement server-to-client communication. By the time it becomes a serious issue, the end-run around the security experts will have already happened.

My parallel to "Let's keep an eye out for it" is "I can envision this happening; what can be done now to make sure it doesn't happen." Issues of this nature have to be addressed in the early cycles of development because they often cannot be addressed, or addressed inexpensively, later in the cycle. Addressing it may even be as simple as "Danger, Danger, never support incoming SOAP calls, use XYZ instead." Issues of this scale also must be addressed by the spec writers and vendors, and not left to end users to work around.

One alternative, as an example, is event notification. Event messages contain simply "something happened" and it's implicit that it's the client's turn to do something. Event messages can be clearly and simply specified, easily assessed from a security standpoint, and validated by security software (like firewalls or desktop security checkers).

Restated, the point is to recognize the problem up front and make sure there are solutions available, preferably long before it ever comes up as an issue.


This page was archived on 6/13/2001; 4:55:07 PM.

© Copyright 1998-2001 UserLand Software, Inc.