PerlMonks  

Re: Re (tilly) 3: SOAP::Lite dispatch routine

by IlyaM (Parson)
on Jan 04, 2002 at 01:52 UTC ( #136109=note )


in reply to Re (tilly) 3: SOAP::Lite dispatch routine
in thread SOAP::Lite dispatch routine

I just don't understand why SOAP is treated so specially. SOAP has not added anything really new. You can roll your own RPC implementations using HTTP and CGIs, SMTP and scripts in /etc/aliases, etc. SOAP can be more convenient in some cases because it is standard and is supported in many languages. And a developer who doesn't understand the security implications of networking applications can open security holes both in CGI and in a SOAP server.

I tend to agree that with SOAP::Lite it is too easy to make mistakes. But it is just the fault of SOAP::Lite, not the fault of the SOAP protocol itself. Adding a requirement to specify the list of methods which can be remotely called could solve this problem.

--
Ilya Martynov (http://martynov.org/)
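
An added example, not part of the original post and not SOAP::Lite's own code: a plain-Perl sketch of the explicit list of remotely callable methods suggested above, next to a dispatcher that resolves whatever name the client sends. Demo::Service, its methods, and both dispatch subs are hypothetical names.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical service module: two methods meant for remote callers and
# one internal helper that must never be reachable over the wire.
package Demo::Service;
sub echo        { my ($class, @args) = @_; return "echo: @args" }
sub server_time { return scalar gmtime }
sub _purge_all  { return "internal helper ran" }

package main;

# Explicit list of remotely callable methods, bound to code references at
# startup. Anything not listed is refused, whatever the module defines.
my %REMOTE = (
    'Demo::Service::echo'        => \&Demo::Service::echo,
    'Demo::Service::server_time' => \&Demo::Service::server_time,
);

# Open dispatch: any sub the class can resolve is callable by the client.
sub dispatch_open {
    my ($class, $method, @args) = @_;
    my $code = $class->can($method) or die "no such method\n";
    return $class->$code(@args);
}

# Listed dispatch: the client-supplied name is only ever used as a hash key.
sub dispatch_listed {
    my ($class, $method, @args) = @_;
    my $code = $REMOTE{"${class}::${method}"}
        or die "method not exposed: ${class}::${method}\n";
    return $class->$code(@args);
}

# Constructed requests: [class, method, args...]
for my $req (['Demo::Service', 'echo', 'hi'], ['Demo::Service', '_purge_all']) {
    my ($class, $method, @args) = @$req;
    for my $d ([open => \&dispatch_open], [listed => \&dispatch_listed]) {
        my $out = eval { $d->[1]->($class, $method, @args) };
        $out = "REFUSED ($@)" unless defined $out;
        $out =~ s/\n//g;
        printf "%-6s %-12s %s\n", $d->[0], $method, $out;
    }
}
```

Both dispatchers answer the echo request; only the listed one refuses _purge_all, because the helper was never entered in %REMOTE.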

Re (tilly) 5: SOAP::Lite dispatch routine
by tilly (Archbishop) on Jan 04, 2002 at 08:03 UTC
    Extending my analogy above, SOAP is like buying manufactured cigarettes. No, you don't need to use them to cause damage, but easy availability increases the problem.

    All of the other RPC mechanisms you discuss suffer from the same problems that I gave for SOAP. And in all of those cases the use of those on servers regularly leads to problems. They don't generally lead to horrible client issues though since the clients at least tend to be relatively solidly designed. (Compare IE with, say, Microsoft Word for security. There is no comparison. IE, for all of its mistakes, had to take it into account from day 1. Microsoft Word, as the routine macro viruses can attest, was not.) There is certainly nothing magic about SOAP that makes it better or worse than them.

    But I single out SOAP because it is the protocol of choice for would-be buzzword-compliant people (a group who I have distrust and distaste for at best) who want to enable a wide variety of random clients to use a programmatic interface to use over the Internet. It is particularly popular among people who want to do the kinds of things that firewall administrators (rightly) are inclined to audit and possibly block. It is even being marketed that way.

    Therefore I believe that the density of scarily moronic things being done with SOAP is much higher than with the other RPC mechanisms that you mention. If people were being encouraged to open sloppily written Excel spreadsheets over the Internet with another RPC mechanism, I would be just as unhappy with it. But it isn't another RPC mechanism, it is SOAP which has that dubious honor, so it is SOAP I am speaking up about.
