Re: Bruce Schneiers CRYPTO-GRAM February 15, 2002
- From: Alan Cox <alan redhat com>
- To: veillard redhat com
- Cc: jochen scram de (Jochen Friedrich), gnome-hackers gnome org
- Subject: Re: Bruce Schneiers CRYPTO-GRAM February 15, 2002
- Date: Fri, 15 Feb 2002 17:51:21 -0500 (EST)
> the problem is not in SOAP, it's in HTTP being allowed without further
> testing. Actually a firewall administrator has an easier control over
> a SOAP messages crossing the interface than over say Javascript embedded
Unfortunately everyone uses HTTPS to prevent this, and while http/https
were designed right conceptually, there are no IE or mozilla modules to
support the https sessions being driven the proxy not the browser and
using a single authenticated session to the trusted proxy
In practical terms it makes SOAP the perfect way to steal arbitary
documents, second only to irc
_______________________________________________
gnome-hackers mailing list
gnome-hackers gnome org
http://mail.gnome.org/mailman/listinfo/gnome-hackers
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]