Security Basics mailing list archives

Re: RPC over HTTP security

From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 27 Jan 2005 02:22:02 +0100

On 2005-01-26 sf_mail_sbm () yahoo com wrote:

We are thinking about deploying RPC over HTTP to access email from the
Internet


Ask yourself two questions:

1. Why does nobody in his right mind do RPC over untrusted networks?
2. How does bloating a protocol by encapsulating it in plain-text make
   it any better?

Regards
Ansgar Wiechers
-- 
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin

Current thread:

RPC over HTTP security sf_mail_sbm (Jan 26)
- Re: RPC over HTTP security Ansgar -59cobalt- Wiechers (Jan 27)
- RE: RPC over HTTP security Shawn Wall (Jan 27)
- Re: RPC over HTTP security Presley, Steven (Jan 27)
- RE: RPC over HTTP security Sarbjit Singh Gill (Jan 27)
- Re: RPC over HTTP security Kevin Conaway (Jan 27)
- <Possible follow-ups>
- RE: RPC over HTTP security Roger A. Grimes (Jan 27)
- RE: RPC over HTTP security Michael B. Morell (Jan 27)
- RE: RPC over HTTP security LordInfidel (Jan 27)
  - RE: RPC over HTTP security Robert Hines (Jan 28)
- RE: RPC over HTTP security Kevin Doheny (Jan 28)
- RE: RPC over HTTP security Paris E. Stone (Jan 28)

(Thread continues...)