Hi, The warning is nice, but it isn't that useful. Do you have an alternative? I am not looking to do great things, just get a Java client to be able to do a few method calls, and to accept a XML encoded hash of perl data. It is a fairly complex hash though. So I really don't know of another way to send this data. Perhaps if I get rid of the method calls and just use Registry, and then "hand" encode the XML hash with perl that would make you feel better? I still have to deal with auth and I don't see how a SOAP server is any less secure than the server itself is considering every request will be authenticated, no open server stuff, no requests that I don't know who they are coming from. But I am learning, so I am happy to learn more. It is just that your comments seem pretty general.
Thanks, Eric At 11:46 AM 4/21/02 +0100, Matthew Byng-Maddick wrote: >On Sun, Apr 21, 2002 at 01:06:28PM +0200, F. Xavier Noria wrote: >> On Sun, 21 Apr 2002 10:50:53 +0100 >> Matthew Byng-Maddick <[EMAIL PROTECTED]> wrote: >> : On Sun, Apr 21, 2002 at 03:16:53AM -0400, Sam Tregar wrote: >> : > SOAP::Lite module to be of excelent quality and the SOAP::Lite community >> : > to be very helpful. >> : Apart from the obvious security bug, you mean? The one where it doesn't >> : actually restrict what remote code can be run at all? >> SOAP::Lite 0.55 was released some days ago, it addresses that issue >> according to >> http://www.soaplite.com/ > >I'm aware of this, but I can't stress the importance of reviewing such >security-critical code. And the "excellent quality" of the code that was >mentioned by Sam Tregar in his post. > >RPC often is a nightmare security-wise, the SOAP::Lite bug illustrates the >problems perfectly. > >MBM > >-- >Matthew Byng-Maddick <[EMAIL PROTECTED]> http://colondot.net/ > http://www.kwinternet.com/eric (250) 655 - 9513 (PST Time Zone) Learn about the net, not the .Net!
