On Fri, 11 Aug 2000 09:52:23 -0400, dug@raleigh.ibm.com wrote:
>I have a change to RPCRouterServlet.java that I'd like to
>get feedback on. Rather than simply returning an error on a
>doGet request, I've added code so that doGet will support
>some of the simple ServiceManagerClient requests.
Uh, are you sure that's a good idea? I'm thinking security here. I
don't want everybody who can send SOAP requests to my server to
actually be able to *administer* my SOAP service manager... I'm not
sure all webservers out there have the ACL granularity allowing POST
requests to go unauthenticated, but forcing a login for GET to the same
URI.
bfn, Wouter
--
http://www.workspot.net/~zombie/soap/
My opinions are irrelevant. They will be assimilated by my employer.
|