Re: RPC over HTTP security

From: Ansgar -59cobalt- Wiechers (bugtraq_at_planetcobalt.net)
Date: 01/27/05

  • Next message: Jeremy: "Re: Source Port 0 Host Sweep" 
    Date: Thu, 27 Jan 2005 02:22:02 +0100
To: security-basics@securityfocus.com

    On 2005-01-26 sf_mail_sbm@yahoo.com wrote:
    > We are thinking about deploying RPC over HTTP to access email from the
    > Internet

    Ask yourself two questions:

    1. Why does nobody in his right mind do RPC over untrusted networks?
    2. How does bloating a protocol by encapsulating it in plain-text make
       it any better?

    Regards
    Ansgar Wiechers 

    -- 
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin
  • Next message: Jeremy: "Re: Source Port 0 Host Sweep"

    Relevant Pages

    • Re: [SLE] One more dumb network question
      ... > see the internet on the first PC? ... 2nd machine) and external (the internet connection) ... "They that can give up essential liberty to obtain a little ... temporary safety, ...
      (SuSE)
    • Re: Just when i thought i had read it all along comes..
      ... The Internet isn't mentioned in the Bible, ... Nor is Christmas day considered a day of rest, ... "They that can give up essential liberty to obtain a little temporary safety ...
      (talk.origins)
    • Re: What coins should I collect?
      ... And With the advent of PayPal.com it becomes very quick and easy to pay for purchases over the Internet and by Phone. ... Those who would give up ESSENTIAL LIBERTY to purchase a little TEMPORARY SAFETY, ...
      (rec.collecting.coins)
    • Re: Mysteries of God
      ... Internet. ... One Dick ... "They that can give up essential liberty to obtain a little temporary safety ...
      (talk.origins)
    • RPC over HTTP security
      ... We are thinking about deploying RPC over HTTP to access email from the Internet ...
      (Security-Basics)