Re: configuring Apache SOAP remotely via the ServiceManager service.
You can turn that off by writing a custom config manager (see the
docs) which does not allow the deploy and undeploy functions. That
would turn off the ability to configure Apache SOAP remotely.
Sanjiva.
----- Original Message -----
From: "David Wall" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, June 16, 2001 3:39 PM
Subject: Re: Using SOAP A good Idea or bad ???????????
>
> > is and will there be any issues ? any one very confident about the SOAP
> > tech. or it is just another hype.. Please help me in making a decision
> here
>
> I think you'll find there are still interoperability issues between
> platforms and SOAP toolkits.
>
> I'm also concerned that the Apache soap router appears to be configurable
by
> sending it messages, but I don't see a clear scheme for saying how to
secure
> that capability (like the Deploy and Undeploy options). While I'm not
sure
> doing a deploy/undeploy itself is such a security hole, it could certainly
> be a DoS by undeploying so thats continually get errors. I doubt somebody
> could deploy anything since there would need to be a service to accept the
> newly deployed service, but there may be cases where a fake deploy could
> trick an existing service that was not tightly written.
>
> Despite that, we are still moving ahead with our SOAP implementations for
> e-signatures at Yozons....
>
> David
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
