httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <>
Subject Re: Simple Object Access Protocol
Date Thu, 04 Nov 1999 16:14:42 GMT
what exactly is "web information" ?  i can put whatever i want on a "web
page".  information is just bits.  what you're saying sounds a lot like
saying fetching porn is a security hole which firewall vendors should be


On Tue, 2 Nov 1999, Roy T. Fielding wrote:

> The reason not to is that SOAP makes use of a security hole in most
> firewalls (the ones that only check port numbers) in order to transfer
> non-Web information across port 80 in spite of a site's security restrictions.
> Other than that, it is just an incredibly stupid way to perform RPC.
> As soon as the firewall makers get off their butts and fix the holes,
> SOAP will be completely useless.
> There is no SOAP working group -- it is just an MS draft.  As far as
> impleentation is concerned, just create a mod_soap with features similar
> to mod_cgi (all SOAP does is change the encoding format of a
> request body to an XML variant of DCOM).
> ....Roy
> In message <007f01bf2573$74396b10$>,
> Bill Stoddard writes:
> >Is anyone on the list familier with SOAP?
> >
> >
> >
> >SOAP is an HTTP/XML based RPC mechanism being pushed by MS, I think, as a
> >replacement for DCOM. Does anyone see any inherent difficulties with
> >accomodating SOAP in Apache? From reading the IETF draft, it appears we
> >would need to support the M-Post method and recognise some additional
> >headers. Doesn't sound to onorous.  Beyond that, seems the capability to
> >build and transport SOAP objects would rely on a good XML parser and a
> >scripting engine (PHP, mod_perl, Jakarta, etc). What's SOAPs status in the
> >IETF?  The upcoming IETF in DC doesn't mention it or an HTTP WG meeting
> >either.
> >
> >Bill

View raw message