Re:Underspecification invites Security Risks
on
ESR On XML-RPC
·
· Score: 1
If security is a concern in your environment either use something else or select a package that supports it. I know there has been work to integrate Kerbos as an authentication scheme. Check the email list for the Helma Java XML-RPC solution.
XML-RPC and SOAP may be related, but they are two differnt beasts. Do you need to deliver a simple, functional set of function calls to get a project done and get money rolling in the door. Or, do you need to kill the project in development?
SOAP and xRPC complement each other. Just like there is a place for procedural programming and there is a place for OO you have to know which tool to use and when.
If you have a system you want to put an XML interface on you have to understand it before you implement your interface. If the system is already modeled in OO it may be a better idea to use SOAP, but if it is not organized and you can think of it in terms of function calls and procedures then xRPC is a much better choice.
It is much better to replace a buch of embedded SQL calls in a system with a xRPC setup than trying to squeeze into a poorly fitted SOAP architecture. On the other hand if you want to do some fun RMI/CORBA/DCOM kind of stuff SOAP is a great choice.
No, XML-RPC isn't the answer to all your distributed IPC needs, but if you need to do something simple that other people can pick up and run with quickly, this is a good answer. It's helping me make a.com survive the fallout and what more can you say.
Rember pick the right tool and the job is immensly easier.
Slashdot Mirror
If security is a concern in your environment either use something else or select a package that supports it. I know there has been work to integrate Kerbos as an authentication scheme. Check the email list for the Helma Java XML-RPC solution.
XML-RPC and SOAP may be related, but they are two differnt beasts. Do you need to deliver a simple, functional set of function calls to get a project done and get money rolling in the door. Or, do you need to kill the project in development?
.com survive the fallout and what more can you say.
SOAP and xRPC complement each other. Just like there is a place for procedural programming and there is a place for OO you have to know which tool to use and when.
If you have a system you want to put an XML interface on you have to understand it before you implement your interface. If the system is already modeled in OO it may be a better idea to use SOAP, but if it is not organized and you can think of it in terms of function calls and procedures then xRPC is a much better choice.
It is much better to replace a buch of embedded SQL calls in a system with a xRPC setup than trying to squeeze into a poorly fitted SOAP architecture. On the other hand if you want to do some fun RMI/CORBA/DCOM kind of stuff SOAP is a great choice.
No, XML-RPC isn't the answer to all your distributed IPC needs, but if you need to do something simple that other people can pick up and run with quickly, this is a good answer. It's helping me make a
Rember pick the right tool and the job is immensly easier.