Web Services - More Secure or Less?
visibleman asks: "I have recently moved onto a project which is based around web services and SOAP and have, therefore, been doing some reading on those subjects. One thing which keeps coming up is that web services are claimed to be more secure than CORBA and RMI because it means drilling fewer holes through firewalls. If I was a firewall administrator (I am not, I am a developer) I would want to know that if I open up a port (port 80 for instance) I know what kind of requests are coming through it. Since SOAP is essentially a mechanism for sending functional requests over a port specified for web page requests this would make me nervous. My preference would be that requests for web pages go over one port and requests to run services go over another - favouring an IIOP solution. Am I off my trolley or would other Slashdotters have similar fears?"
A three digit user ID...
</OBEISANCE>
It's a new trend, run everything on port 80 so your network admin has less to worry about, but that whole concept is a steaming pile of shit.
So true.
It's taken many years to build up the many layers of network security we have. One of the main reasons SOAP is so easy to use is that it drills a hole right through all those layers. In other words, SOAP is easy because it encourages you to ignore everything that makes remote applications hard -- like security.
As an example of just how wacky the everything-on-port-80 idea is, and how dangerous, consider this idea I heard from Bruce Schneier: implement IP over SOAP: have a SOAP service listening at two endpoints for IP packets, and forward those packets over SOAP to the other endpoint. Then make one of those endpoints the default gateway for packets into the otherwise-secure network at the other end....
Just ponder that.
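The only way a firewall admin gets to "know what kind of requests are coming through" port 80 is an application-layer filter that looks inside the HTTP, as in this added example (not from the thread or any poster): a Python classifier that admits plain page GETs and an allowlisted set of SOAP operations, and rejects everything else, including an envelope whose body is a wrapped raw packet of the kind the IP-over-SOAP idea would send. The allowlist, size cap and the sample requests are constructed for illustration.

```python
import xml.etree.ElementTree as ET
# Hypothetical allowlist for this deployment: the only SOAP operations the perimeter admits.
ALLOWED_OPERATIONS = {"GetQuote", "ListOrders"}
SOAP_ENV_NS = {"http://schemas.xmlsoap.org/soap/envelope/", "http://www.w3.org/2003/05/soap-envelope"}
MAX_BODY_BYTES = 64 * 1024  # an RPC call is small; a packet tunnel is not

def parse_http_request(raw: bytes):
    # Split a raw HTTP/1.1 request into (method, lower-cased header dict, body).
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].split(" ", 1)[0], headers, body

def soap_operation(body: bytes):
    """Return the operation name (first child of soap:Body), or None if the body is not SOAP."""
    try:
        root = ET.fromstring(body)  # expat does not fetch external entities by default
    except ET.ParseError:
        return None
    ns, local = root.tag[1:].split("}", 1) if root.tag.startswith("{") else ("", root.tag)
    if local != "Envelope" or ns not in SOAP_ENV_NS:
        return None
    soap_body = root.find(f"{{{ns}}}Body")
    if soap_body is None or len(soap_body) == 0:
        return None
    return soap_body[0].tag.rsplit("}", 1)[-1]

def classify(raw: bytes) -> str:
    """Decide what an inbound port-80 request actually is before forwarding it."""
    method, headers, body = parse_http_request(raw)
    if method == "GET":
        return "allow:page"
    if method != "POST" or len(body) > MAX_BODY_BYTES:
        return "deny:method-or-size"
    ctype = headers.get("content-type", "")
    if "soapaction" not in headers and "soap+xml" not in ctype and "text/xml" not in ctype:
        return "deny:unknown-post"
    op = soap_operation(body)
    if op is None:
        return "deny:malformed-soap"
    return f"allow:soap:{op}" if op in ALLOWED_OPERATIONS else f"deny:soap:{op}"

# Constructed sample traffic: a page fetch, an allowed RPC, and an envelope carrying a raw packet.
ENV = b'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>%s</s:Body></s:Envelope>'
POST = b"POST /svc HTTP/1.1\r\nHost: example.test\r\nContent-Type: text/xml\r\nSOAPAction: \"%s\"\r\n\r\n"
PAGE_REQ = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
QUOTE_REQ = POST % b"GetQuote" + ENV % b'<GetQuote xmlns="urn:example"><symbol>ACME</symbol></GetQuote>'
TUNNEL_REQ = POST % b"Forward" + ENV % b'<Forward xmlns="urn:example"><packet>QUJDRA==</packet></Forward>'
```

Running `classify` over the three constructed requests yields `allow:page`, `allow:soap:GetQuote` and `deny:soap:Forward`, which is the difference between "port 80 is open" and "only these two calls are open".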
oooooooooooooooooooooooooooooo
o __________Notice _________ o
o If you are a cracker or o
o terrorist please use port o
o port 80 as it is secure. o
o Otherwise you may use the o
o non-secure port 2000. o
o Thanks and have a nice day o
oooooooooooooooooooooooooooooo
A feeling of having made the same mistake before: Deja Foobar
Just don't drop your SOAP on port 80 if you know what's good for you...
microsoftword.mp3 - it doesn't care that they're not words...