xml-soap-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d..@us.ibm.com
Subject Re: add doGet support
Date Fri, 11 Aug 2000 15:54:57 GMT



I wasn't necessarily thinking of having 'write' operation just 'read' ones
(wanting to keep it a simple URL).
But if there's a security issue with this then wouldn't there be one with
the
Admin stuff?
-Dug


"Wouter Cloetens" <wcloeten@raleigh.ibm.com> on 08/11/2000 12:24:54 AM

Please respond to soap-dev@xml.apache.org

To:   "soap-dev@xml.apache.org" <soap-dev@xml.apache.org>
cc:
Subject:  Re: add doGet support



On Fri, 11 Aug 2000 09:52:23 -0400, dug@raleigh.ibm.com wrote:

>I have a change to RPCRouterServlet.java that I'd like to
>get feedback on.  Rather than simply returning an error on a
>doGet request, I've added code so that doGet will support
>some of the simple ServiceManagerClient requests.

Uh, are you sure that's a good idea? I'm thinking security here. I
don't want everybody who can send SOAP requests to my server to
actually be able to *administer* my SOAP service manager... I'm not
sure all webservers out there have the ACL granularity allowing POST
requests to go unauthenticated, but forcing a login for GET to the same
URI.

bfn, Wouter
--
http://www.workspot.net/~zombie/soap/
My opinions are irrelevant. They will be assimilated by my employer.





Mime
View raw message