Microsoft Web Services Security Recommendation: Disable HTTP-GET
Rohit Khare
Rohit@KnowNow.com
Tue, 19 Mar 2002 21:38:47 -0800
This is a multi-part message in MIME format.
------_=_NextPart_001_01C1CFD1.81770A39
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
Ah, that silly justification for SOAP-Action rears its head again.
Browser-based services are for kids, silly!
Sigh
Rohit
-----Original Message-----
It should be noted that this scenario does not apply to an XML Web
service
that only allows the SOAP over HTTP protocol to communicate with it.
SOAP
requests require the SOAPAction HTTP header, which a Web page does not
have
the capability to include in a redirect using a link.
------_=_NextPart_001_01C1CFD1.81770A39
Content-Type: application/ms-tnef;
name="winmail.dat"
Content-Transfer-Encoding: base64
eJ8+IjAFAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEEgAEARQAAAFJFOiBNaWNyb3NvZnQgV2Vi
IFNlcnZpY2VzIFNlY3VyaXR5IFJlY29tbWVuZGF0aW9uOiBEaXNhYmxlIEhUVFAtR0VUABEYAQWA
AwAOAAAA0gcDABMAFQAmAC8AAgBbAQEggAMADgAAANIHAwATABUAJgAvAAIAWwEBCYABACEAAABD
QzExQzA5MEE4NDk4ODRBODVEQTU1NzAxMkY1QjBDOQAeBwEDkAYABAkAADYAAAADADYAAAAAAEAA
OQA5CneB0c/BAR4APQABAAAABQAAAFJFOiAAAAAAAgFHAAEAAAAxAAAAYz1VUzthPSA7cD1Lbm93
Tm93O2w9T1RIRUxMTy0wMjAzMjAwNTM4NDdaLTEyODc4AAAAAB4ASQABAAAAQQAAAE1pY3Jvc29m
dCBXZWIgU2VydmljZXMgU2VjdXJpdHkgUmVjb21tZW5kYXRpb246IERpc2FibGUgSFRUUC1HRVQA
AAAAQABOAIB3y1nIz8EBHgBaAAEAAAAJAAAATXIuIEZvUksAAAAAAgFbAAEAAAA8AAAAAAAAAIEr
H6S+oxAZnW4A3QEPVAIAAAAATXIuIEZvUksAU01UUABmb3JrX2xpc3RAaG90bWFpbC5jb20AAgFc
AAEAAAAbAAAAU01UUDpGT1JLX0xJU1RASE9UTUFJTC5DT00AAB4AXQABAAAACQAAAE1yLiBGb1JL
AAAAAAIBXgABAAAAPAAAAAAAAACBKx+kvqMQGZ1uAN0BD1QCAAAAAE1yLiBGb1JLAFNNVFAAZm9y
a19saXN0QGhvdG1haWwuY29tAAIBXwABAAAAGwAAAFNNVFA6Rk9SS19MSVNUQEhPVE1BSUwuQ09N
AAAeAGYAAQAAAAUAAABTTVRQAAAAAB4AZwABAAAAFgAAAGZvcmtfbGlzdEBob3RtYWlsLmNvbQAA
AB4AaAABAAAABQAAAFNNVFAAAAAAHgBpAAEAAAAWAAAAZm9ya19saXN0QGhvdG1haWwuY29tAAAA
HgBwAAEAAABBAAAATWljcm9zb2Z0IFdlYiBTZXJ2aWNlcyBTZWN1cml0eSBSZWNvbW1lbmRhdGlv
bjogRGlzYWJsZSBIVFRQLUdFVAAAAAACAXEAAQAAABsAAAABwc/HQCUAyD3fBYJA1oLg/d0wFRGB
AAKHVvkAHgB0AAEAAAAOAAAAZm9ya0B4ZW50LmNvbQAAAB4AGgwBAAAADAAAAFJvaGl0IEtoYXJl
AB4AHQ4BAAAAQQAAAE1pY3Jvc29mdCBXZWIgU2VydmljZXMgU2VjdXJpdHkgUmVjb21tZW5kYXRp
b246IERpc2FibGUgSFRUUC1HRVQAAAAAAgEJEAEAAAAAAgAA/AEAAOkCAABMWkZ19RjtDgMACgBy
Y3BnMTI14jIDQ3RleAVBAQMB9/8KgAKkA+QHEwKAD/MAUARWPwhVB7IRJQ5RAwECAGNo4QrAc2V0
MgYABsMRJfYzBEYTtzASLBEzCO8J97Y7GB8OMDURIgxgYwBQcwsJAWQzNhZQC6YQwGg4LCB0E+AF
QACQbGzAeSBqdXN0BpAN4DUdUGkCICACEAXAU0/gQVAtQWMecxggE/EoIGl0BCBoH9BkIERhZwtx
LiBCA2B34RQQci1iYRQQIJAhYS52DeAHkQrAZR6za2nsZHMdEB2DIQqiCoQKgFBTaWdoI9QgB/Fo
qyAgI9otJmJPBRBnC4DXB0AF0AeQcyCwZSZjI9qqSR1haAhgbCCQYiKw/G5vDrAgkB0zHTAEAB1w
hyJQJwAFEG8gZG8HkdspkSCgcAtQHcB0KwADkYBYTUwgV2ViIfb/I9QdMwIgHbEHQBewIVAdIRci
sB8CLgB2EoFIVFR9L0BwA2AsEBeRLAIFoG38bXUDAB5RIrAD8B0wIBHvIQAfAiPUGCBxClAeAAQg
/TKyaSKhLtYfVS+zIGIEkP0dEHclcBPQIKAsowqwJ5B/KxgT4C9wLWYisB5QCrBi7wMQICAr8wuA
YwpAAQA40W810RghM4EfYCAd8AuAZ6M10ThgbmsuI9R9O4AeADUQAQAAAD0AAAA8QjA2MTJCRTJB
MkJBMzQ0Mjk5RDgxNzBFM0JFNTMxNTUzQzA2OEFAb3RoZWxsby5rbm93bm93LmNvbT4AAAAAHgBH
EAEAAAAPAAAAbWVzc2FnZS9yZmM4MjIAAAsA8hABAAAAHwDzEAEAAACaAAAAUgBFACUAMwBBACAA
TQBpAGMAcgBvAHMAbwBmAHQAIABXAGUAYgAgAFMAZQByAHYAaQBjAGUAcwAgAFMAZQBjAHUAcgBp
AHQAeQAgAFIAZQBjAG8AbQBtAGUAbgBkAGEAdABpAG8AbgAlADMAQQAgAEQAaQBzAGEAYgBsAGUA
IABIAFQAVABQAC0ARwBFAFQALgBFAE0ATAAAAAAACwD2EAAAAABAAAcwsKJ8XdHPwQFAAAgw9857
gdHPwQEDAN4/5AQAAAMA8T8JAAAAHgD4PwEAAAAMAAAAUm9oaXQgS2hhcmUAAgH5PwEAAABLAAAA
AAAAANynQMjAQhAatLkIACsv4YIBAAAAAAAAAC9PPUtOT1dOT1cvT1U9TVQuIFZJRVcvQ049UkVD
SVBJRU5UUy9DTj1SS0hBUkUAAB4A+j8BAAAAFQAAAFN5c3RlbSBBZG1pbmlzdHJhdG9yAAAAAAIB
+z8BAAAAHgAAAAAAAADcp0DIwEIQGrS5CAArL+GCAQAAAAAAAAAuAAAAAwD9P+QEAAADABlAAAAA
AAMAGkAAAAAAAwAdQAAAAAADAB5AAAAAAB4AMEABAAAABwAAAFJLSEFSRQAAHgAxQAEAAAAHAAAA
UktIQVJFAAAeADJAAQAAABYAAABmb3JrX2xpc3RAaG90bWFpbC5jb20AAAAeADNAAQAAABYAAABm
b3JrX2xpc3RAaG90bWFpbC5jb20AAAAeADhAAQAAAAcAAABSS0hBUkUAAB4AOUABAAAAAgAAAC4A
AAALACkAAAAAAAsAIwAAAAAAAwAGEI0rkggDAAcQYQEAAAMAEBAAAAAAAwAREAEAAAAeAAgQAQAA
AGUAAABBSCxUSEFUU0lMTFlKVVNUSUZJQ0FUSU9ORk9SU09BUC1BQ1RJT05SRUFSU0lUU0hFQURB
R0FJTkJST1dTRVItQkFTRURTRVJWSUNFU0FSRUZPUktJRFMsU0lMTFlTSUdIUk9IAAAAAAIBfwAB
AAAAPQAAADxCMDYxMkJFMkEyQkEzNDQyOTlEODE3MEUzQkU1MzE1NTNDMDY4QUBvdGhlbGxvLmtu
b3dub3cuY29tPgAAAABgIg==
------_=_NextPart_001_01C1CFD1.81770A39--