Firewall Wizards mailing list archives
Re: Soap - Was RPCs over HTTPS through the firewall
From: Chuck Swiger <chuck () codefab com>
Date: Fri, 02 May 2003 11:00:53 -0400
Marcus J. Ranum wrote: [ ... ]
No concerns - Soap is from Microsoft, so it's OK. Remember, Microsoft got serious about security last year, and fixed all the flaws in thier code. I think they spent a whole month or something like that doing it. I'm sure that Soap's fine, now.
Absolutely: remember, keeping one's sense of humor with regard to Microsoft security is an important skill for members of this list.
I was going to observe that even Unix-based RPC has had a terrible history, by which I mean problems with portmap, NFS, pretty much every CDE-based service I've heard of (cmsd?), rpc.lockd, etc.
I believe Microsoft recently said that they weren't going to even try to fix the security problems with the RPC service locator for WinNT, their equivalent of portmap. All of this being said, I haven't really even looked at SOAP, so whether the history of other forms of RPC-- or of Microsoft software-- is relevant to Mason's case is another question.
-- -ChuckPS: I was wondering how to phrase the notion that there is approximately 100% correlation between the history of something, and the current status of that thing. :-)
I was taught to write software in an academic environment where a program that crashed got a failing grade, period. You were given test cases and the correct results your program should produce, but your code would be run against other data (quite possibly randomized per student) that you didn't have. Your program either ran and got the correct answers, ran and made mistakes, or failed to run.
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Soap - Was RPCs over HTTPS through the firewall Mason Schmitt (May 02)
- Re: Soap - Was RPCs over HTTPS through the firewall Marcus J. Ranum (May 02)
- Re: Soap - Was RPCs over HTTPS through the firewall Mason Schmitt (May 02)
- RE: Soap - Was RPCs over HTTPS through the firewall Dick Brooks (May 02)
- Re: Soap - Was RPCs over HTTPS through the firewall Chuck Swiger (May 02)
- Re: Soap - Was RPCs over HTTPS through the firewall Dave Piscitello (May 13)
- Re: Soap - Was RPCs over HTTPS through the firewall Mason Schmitt (May 02)
- Re: Soap - Was RPCs over HTTPS through the firewall Crispin Cowan (May 02)
- Re: Soap - Was RPCs over HTTPS through the firewall Jim Seymour (May 03)
- Re: Soap - Was RPCs over HTTPS through the firewall Dan Schlitt (May 03)
- Re: Soap - Was RPCs over HTTPS through the firewall Barney Wolff (May 04)
- Re: Soap - Was RPCs over HTTPS through the firewall Bill Royds (May 04)
- Re: Soap - Was RPCs over HTTPS through the firewall Barney Wolff (May 04)
- Re: Soap - Was RPCs over HTTPS through the firewall Jim Seymour (May 03)
- Re: Soap - Was RPCs over HTTPS through the firewall Marcus J. Ranum (May 02)
- <Possible follow-ups>
- RE: Soap - Was RPCs over HTTPS through the firewall Behm, Jeffrey L. (May 02)
- RE: Soap - Was RPCs over HTTPS through the firewall Rabinowitz, Ari (Exchange) (May 04)