On Wed, 16 Aug 2006, mikeiscool wrote:
> On 8/16/06, John Wilander <[EMAIL PROTECTED]> wrote:
> > Thanks for all the replies so far! I would just like to comment on
> > Holger Peine's and Mike Hines' viewpoints.
> >
> > [EMAIL PROTECTED] wrote:
> > > I don't see a conflict here: A web service (just
1) you don't have to run web services over port 80
2) you can run lots of interesting things over port 80 not just web services
3) web services are an incremental improvement over dcom, mq series, and
rmi-iiop. I do not see that the IDS and Systems monitoring situation is any
worse, since they ar
On 8/16/06, John Wilander <[EMAIL PROTECTED]> wrote:
> Thanks for all the replies so far! I would just like to comment on
> Holger Peine's and Mike Hines' viewpoints.
>
> [EMAIL PROTECTED] wrote:
> > I don't see a conflict here: A web service (just as any
> > network-accessible
> > service, no matt
Thanks for all the replies so far! I would just like to comment on
Holger Peine's and Mike Hines' viewpoints.
[EMAIL PROTECTED] wrote:
> I don't see a conflict here: A web service (just as any
> network-accessible
> service, no matter whether programmed using sockets, Java RMI, SOAP or
> whatever
lander
> > Sent: Dienstag, 15. August 2006 10:03
> > Subject: [SC-L] Web Services vs. Minimizing Attack Surface
> >
> > Hi!
> >
> > The security principle of minimizing your attack surface
> > (Writing Secure
> > Code, 2nd Ed.) is all about minimizing o
There may be a conflict here depending on the implementation in practice,
but not necessarily. SOA and Web Services often aggregate lots of endpoints
(enterprise service buses do this for example) into a smaller set of service
interfaces.
A couple of weeks ago at MetriCon, Pratyusa Manadhata gave
> [mailto:[EMAIL PROTECTED] On Behalf Of John Wilander
> Sent: Dienstag, 15. August 2006 10:03
> Subject: [SC-L] Web Services vs. Minimizing Attack Surface
>
> Hi!
>
> The security principle of minimizing your attack surface
> (Writing Secure
> Code, 2nd Ed.) i
Thinking about "attackable surface area" is a good metaphor, but I
think it's breaking down on you.
Think about a classic forms-driven (MVC) web application. If it's at
all complex, it'll contain a variety of form processing programs that
are all interlinked with a complex state-sharing mechanism
Hi!
The security principle of minimizing your attack surface (Writing Secure
Code, 2nd Ed.) is all about minimizing open sockets, rpc endpoints,
named pipes etc. that facilitate network communication between
applications. Web services and Service Oriented Architecture on the
other hand are all