Ville Vainio wrote:
I teach the odd security class, and what you say is far from true. As long as the service is located behind a firewall which opens up the correct holes for it, it's most unlikely that corporate firewalls would disallow client connections to such a remote port."Mark" == Mark Carter <[EMAIL PROTECTED]> writes:
Mark> Mark Carter wrote: >> Paul Rubin wrote:
>>> Usually you wouldn't run a public corba or pyro service over >>> the internet. You'd use something like XMLRPC over HTTP port >>> 80 partly for the precise purpose of not getting blocked by >>> firewalls.
Mark> I'm not sure if we're talking at cross-purposes here, but Mark> the application isn't intended for public consumption, but Mark> for fee-paying clients.
Still, if the consumption happens over the internet there is almost 100% chance of the communication being prevented by firewalls.
This is exactly what "web services" are for.
Web services are for offering services despite the fact that the corporate firewall managers are valiantly trying to stop unknown services from presenting to the outside world (and my immediately preceding post tells you what I think of that idea).
The situation is analogous to connecting to web servers running on non-standard ports (8000 and 8080 are traditional favorites, but firewalls very rarely accord them any special treatment).
Most firewall configurations allow fairly unrestricted outgoing connections, limiting rules to sanity checking of addresses to ensure nobody inside the firewall is address spoofing. Incoming connections are usually limited to specific combinations of port number and IP address known to be legitimate corporate services to the external world. Firewalling web services effectively is just an additional pain for the network manager.
regards Steve -- Steve Holden http://www.holdenweb.com/ Python Web Programming http://pydish.holdenweb.com/ Holden Web LLC +1 703 861 4237 +1 800 494 3119 -- http://mail.python.org/mailman/listinfo/python-list
