IWETHEY v. 0.3.0 | TODO
1,095 registered users | 1 active user | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / News Picks Forum / This area seems to have a major confusion...
Post #44,526
by ben_tilly
7/5/02 7:13:28 AM
Reply
New This area seems to have a major confusion...
between encryption (making sure that others cannot snoop on my communication) and security (making sure that my system is not readily abusible).

The two are not particularly closely related, and definitely are not substitutes for each other.

In this brave new world I think we will see a lot of having 2 parties open up a key exchange, and then proceed to communicate back and forth with no other thought to security. Sample mistakes will be that an undue amount of your internals will be available for perusal by the person you are perusing with, and the old web cart mistake of entering a negotiation and then trusting the prices that the client gives you.

Cheers,
Ben
"... I couldn't see how anyone could be educated by this self-propagating system in which people pass exams, teach others to pass exams, but nobody knows anything."
--Richard Feynman
Post #44,591
by dmarker2
7/6/02 4:26:54 AM
Reply
New Re: Web Services Servers might introduce challenges ...

Web Services communicate between servers that listen on specific ports for SOAP messages.

Web Servers are peripheral to Web Services. The servers can reside on the same type of box but a web servers servers web pages while a SOAP server recieves & forwards SOAP messages only.

The SOAP listener sits on a nominated port (which is published in the WSDL definintion for the service being requested) on a tcp/ip connected server. The SOAP listener examines the request type in the SOAP message to determine which internal task (which will itself be listening on another port) and dipatches the request to the task on that other port.

Web Services don't actually need web servers. They tend to though because web servers will typically provide the *.wsdl documents that provide the IDL info for accessing the service.

A UDDI server is kind of a cross between a web server and a web services server. They will normally respond to both HTTP & SOAP requests.

So the security issues you talk about relate to how to screw a web services server & this is a bit different from stuffing up a web server.

Cheers

Doug
     Some good reads on XML & Web Svcs & Enterprise Apps - (dmarker2) - (7) - July 5, 2002, 10:05:32 PM EDT
         Stupid question - (ben_tilly) - (3) - July 4, 2002, 09:20:16 PM EDT
             Re: A sincere question is rarely stupid. An answer can be - (dmarker2) - (2) - July 5, 2002, 03:52:07 AM EDT
                 This area seems to have a major confusion... - (ben_tilly) - (1) - July 5, 2002, 07:13:28 AM EDT
                     Re: Web Services Servers might introduce challenges ... - (dmarker2) - July 6, 2002, 04:26:54 AM EDT
         I don't buy it - (tuberculosis) - (2) - July 9, 2002, 08:10:00 PM EDT
             Re: I don't buy it - My experience is opposite - (dmarker2) - (1) - July 10, 2002, 02:29:15 AM EDT
                 Yeah but you're all IBM so far - (tuberculosis) - July 10, 2002, 04:56:47 AM EDT

Who invented this stupid sport, anyway?
77 ms