[Cryptography] encoding formats should not be committee'ised
Ray Dillinger
bear at sonic.net
Fri Oct 4 12:24:12 EDT 2013
On 10/04/2013 01:23 AM, James A. Donald wrote:
> On 2013-10-04 09:33, Phillip Hallam-Baker wrote:
>> The design of WSDL and SOAP is entirely due to the need to impedance match COM to HTTP.
>
> That is fairly horrifying, as COM was designed for a single threaded environment, and becomes and incomprehensible and extraordinarily inefficient security hole
> in a multi threaded environment.
Well, yes, as a matter of fact DCOM was always incomprehensible
and extraordinarily inefficient. However, it wasn't so much of
a security hole in the "remotely crashable bug" sense. It made
session management into something of a difficult problem though.
Bear
More information about the cryptography
mailing list