Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: RPC over HTTP security

From: "Paris E. Stone" <pstone () alhurra com>
Date: Fri, 28 Jan 2005 09:52:33 -0500
I believe the RPC over only works over httpS.  Not positive, but I
think.  

Microsoft at least decided to make it secured by SSL.

-----Original Message-----
From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net] 
Sent: Wednesday, January 26, 2005 8:22 PM
To: security-basics () securityfocus com
Subject: Re: RPC over HTTP security

On 2005-01-26 sf_mail_sbm () yahoo com wrote:

We are thinking about deploying RPC over HTTP to access email from the
Internet


Ask yourself two questions:

1. Why does nobody in his right mind do RPC over untrusted networks?
2. How does bloating a protocol by encapsulating it in plain-text make
   it any better?

Regards
Ansgar Wiechers
-- 
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin
Previous By Date Next
Previous By Thread Next

Current thread: