Hi!
The security principle of minimizing your attack surface (Writing Secure
Code, 2nd Ed.) is all about minimizing open sockets, rpc endpoints,
named pipes etc. that facilitate network communication between
applications. Web services and Service Oriented Architecture on the
other hand are all about exposing functionality to offer interoperability.
Have any of you had discussions on the seemingly obvious conflict
between these things? I would be very happy to hear your conclusions and
opinions!
Regards, John
____________________________
John Wilander, PhD student
Computer and Information Sc.
Linkoping University, Sweden
http://www.ida.liu.se/~johwi
_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
