Firewall Wizards mailing list archives

RE: Microsoft invents SOAP


From: "Scott, Richard" <Richard.Scott () bestbuy com>
Date: Fri, 29 Oct 1999 08:09:12 -0500


<cut>
        
        http://msdn.microsoft.com/xml/general/SOAP_White_Paper.asp

        Microsoft has replaced DCOM with SOAP (Simple Object Access Protocol)
        for e-commerce development.  DCOM had many shortcomings when trying to
        communicate through firewalls, they never really understood how NAT
        worked.  This tool set allows DCOM objects to basically be encapsulated
        inside http.  Their suggestion is to open a port 80 proxy from your
        webserver(s) to your application server(s) on the inside.

        Firstly, I can't think why one would want a DCOM object being
accessed like the one given on the white paper.
        I think that example is a poor illustration.  I would much prefer
binding this functionality to ASP/COM where the ASP code has control over
the DCOM object.  This way, one doesn't have to worry about access to the
COM object via the firewall, since the web server itself can only access it.
The ASP code could perform input validation in an attempt to prevent
parameter overloading, causing buffer overflow problems (DoS et al).
        Better still, the application server that houses the DCOM object can
be placed in a separate DMZ from the web server, and correctly setting up
the DMZ privs for the application server et al, will strengthen security.

        Can anyone give a better example of why one would allow people to
directly access a DCOM object from the net?


Cheers
r.
Richard Scott   
The views expressed in this email do not represent Best Buy
or any of its subsidiaries.


