Sécurité des services web

Slashdot | Web Services
Miser sur SOAP pour mettre en place des services web sécurisés n’est sans doute pas une idée lumineuse :
« SOAP et al are a mistaken implementation for exactly that reason, in a typical Microsoft fashion: by running everything over HTTP, we can get things working quickly without wondering whether they are secure. Later on, there will be a ton of SOAP security holes and information leaks, but we won’t be able to plug the hole properly since we can’t cut off HTTP without strangling our businesses. I love innovation without cogitation. An absolute godsend to good firewall administrators would be to have specific services on specific ports so that you could easily audit the use of such services separately and have a better handle on what’s going in and out of your ‘net. You could, for example, inspect SOAP packets for a particular service without having to slow down all traffic through your HTTP proxy. But since you’re a lazy bastard, I bet you don’t care :) »