Slashdot Mirror


Web Services - More Secure or Less?

visibleman asks: "I have recently moved onto a project which is based around web services and SOAP and have, therefore, been doing some reading on those subjects. One thing which keeps coming up is that web services are claimed to be more secure than CORBA and RMI because it means drilling fewer holes through firewalls. If I were a firewall administrator (I am not, I am a developer) I would want to know that if I open up a port (port 80 for instance) I know what kind of requests are coming through it. Since SOAP is essentially a mechanism for sending functional requests over a port specified for web page requests, this would make me nervous. My preference would be that requests for web pages go over one port and requests to run services go over another - favouring an IIOP solution. Am I off my trolley or would other Slashdotters have similar fears?"

4 of 300 comments

  1. Re: -blank- by mrbinary · Score: 0, Offtopic

    OK, the person who posted this nonsense 15 times in a row is officially a knob. WRT the question posed, I agree completely; having specific ports that perform functional requests is far superior. Just look at the problems that MS had recently with providing print services over HTTP. Knowing precisely what functionality is provided via a specific port is the only way to effectively filter and block potentially malicious traffic. Nowadays it seems people want to be able to start and stop their dishwasher via HTTP/XML; it's lunacy IMHO, but then I'm very old-school. Still, I've never been cracked or infected so maybe I'm doing something right.

    --
    Goodbye, and may the road rise with you
  2. Re:The tendency to run everything on port80 by Matt2000 · Score: 0, Offtopic


    I think it's appropriate to put a steaming pile of shit on port 80, however if it's a streaming pile of shit I'd recommend ports 8805 and up.

  3. Port 80 already used for "services" - CGI by Anonymous Coward · Score: 0, Offtopic

    HTTP has supported extremely simple transactions/services for years through CGI. Essentially your entire question is moot.

  4. Re:The tendency to run everything on port80 by adamy · Score: 0, Offtopic

    This is off topic but...
    In response to your sig: the difference between science and religion is that religion is based on belief and science is based on doubt.

    Now programming on the other hand contains a big chunk of religion, voodoo, and black magic :)

    --
    Open Source Identity Management: FreeIPA.org