I wouldn't say either was more secure than the other. I haven't used it in a while, but last I checked the client didn't support two-factor authentication unlike putting some other authentication in front of the OWA server. Other than that, I would view the two as being equal in terms of security risk to the infrastructure since they both use HTTP/SSL to communicate. One just encapsulates RPC in the HTTP stream while the other is HTTP.
I think the RPC/HTTP is more usable to the end user and certainly more feature rich. I won't lie to you, I wasn't a big fan of it when it first came out. But I've since been persuaded that RPC/HTTP offers some tangible benefits. ;) In either case, I'd still want to use a layer-7 device in front of it to terminate the SSL and to check the intent of the requests/responses and to control the traffic. Something like ISAServer 2004 would come to mind. Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pelle, Joe Sent: Tuesday, March 22, 2005 2:52 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT:RPC over HTTP vs OWA Hey all - I was wondering what everyone's thoughts were about using RPC over HTTP vs Outlook Web Access...? Is one more secure than the other? What were the reasons you implemented one and not the other? Any insight is always much appreciated! Thanks! Joe Pelle Senior Infrastructure Architect Information Technology Valassis / IT 19975 Victor Parkway Livonia, MI 48152 Tel 734.591.7324 Fax 734.632.6151 [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> http://www.valassis.com/ <http://www.valassis.com/> This message may include proprietary or protected information. If you are not the intended recipient, please notify me, delete this message, and do not further communicate the information contained herein without my express written consent. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/