XML-RPC and http
Mark Baker
mark.baker@sympatico.ca
Thu, 12 Jul 2001 13:49:27 -0400
Kent Spaulding wrote:
>
> I cannot believe Mark called Clay a 'Packet Sniffer' - them's fight'n words.
He's lucky I didn't elaborate on the goat example. 8-)
> Has anyone noticed that Invisible Worlds is running SOAP over BEEP? BEEP
> replaces HTTP as the transport. It's been said before, in this thread,
> there must be something to this separation of RPC-semantics from transport
> semantics.
>
> Yes, XML-RPC and SOAP are much harder to secure because they sneak along
> over the HTTP transport without a lot of visibility into what's going on.
> That's unfortunate - but in the HTTP-RPC mechanism à la Mark, does said
> sniffer really know anything at all about the semantics of the discussion
> (an RPC) between the client and server?
It knows *everything* about the *transfer* semantics of the discussion.
It doesn't know what the side effects of any stateful operation may be
(such as POSTing a "GoatFood" document into /myGoat yielding a
"GoatPoop" document 8-), but it knows what kind of transfer occurred,
whether that transfer was successful or not, and if not, why.
> Just asking questions because I'm learning a ton from this thread.
I'm glad.
MB
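
The visibility point discussed in this message, as an added example that is not part of the original email: what an HTTP intermediary can read from the start lines alone for a plain HTTP transfer versus an XML-RPC call, where a fault still travels under `200 OK`. The host `example.test`, the `/RPC2` endpoint, the method name `goat.replace` and all four messages are constructed assumptions.

```python
import xml.etree.ElementTree as ET  # for untrusted traffic use a hardened parser such as defusedxml

SAFE = {"GET", "HEAD", "OPTIONS"}
IDEMPOTENT = SAFE | {"PUT", "DELETE"}

def transfer_view(request: bytes, response: bytes) -> dict:
    """What an intermediary learns from the HTTP start lines alone (no body parsing)."""
    method, target, _ = request.split(b"\r\n", 1)[0].decode().split(" ", 2)
    status = int(response.split(b"\r\n", 1)[0].decode().split(" ", 2)[1])
    return {"method": method, "target": target, "safe": method in SAFE,
            "idempotent": method in IDEMPOTENT, "status": status,
            "succeeded": 200 <= status < 300}

def rpc_view(request: bytes, response: bytes) -> dict:
    """What only becomes visible after parsing the XML-RPC bodies."""
    call = ET.fromstring(request.split(b"\r\n\r\n", 1)[1])
    reply = ET.fromstring(response.split(b"\r\n\r\n", 1)[1])
    return {"rpc_method": call.findtext("methodName"),
            "fault": reply.find("fault") is not None,
            "fault_string": reply.findtext("fault/value/struct/member/value/string")}

# Constructed sample exchanges (not captured traffic).
PUT_REQ = b"PUT /myGoat HTTP/1.1\r\nHost: example.test\r\nContent-Length: 0\r\n\r\n"
PUT_RESP = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"
RPC_REQ = (b"POST /RPC2 HTTP/1.1\r\nHost: example.test\r\nContent-Type: text/xml\r\n\r\n"
           b"<?xml version=\"1.0\"?><methodCall><methodName>goat.replace</methodName>"
           b"<params/></methodCall>")
RPC_RESP = (b"HTTP/1.1 200 OK\r\nContent-Type: text/xml\r\n\r\n"
            b"<?xml version=\"1.0\"?><methodResponse><fault><value><struct>"
            b"<member><name>faultCode</name><value><int>4</int></value></member>"
            b"<member><name>faultString</name><value><string>Not permitted</string></value></member>"
            b"</struct></value></fault></methodResponse>")

if __name__ == "__main__":
    for name, req, resp in (("PUT", PUT_REQ, PUT_RESP), ("XML-RPC", RPC_REQ, RPC_RESP)):
        print(name, "start lines:", transfer_view(req, resp))
    print("XML-RPC bodies:", rpc_view(RPC_REQ, RPC_RESP))
```

For the XML-RPC exchange the start lines report a successful POST; the refusal appears only once a filter or logger parses the response body.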