• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

XML-RPC

 
Ranch Hand
Posts: 395
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,
It has been told that XML-RPC uses http protocol to call a remote object. Also this call is going to elude the firewall. Since we have DCOM and CORBA for distributed objects, Whats the speciality of this XML-RPC call?
Is this going to help HACKERS?
TIA
------------------
L Goundalkar
lggoundalkar@hotmail.com
Sun Certified Programmer for Java 2 Platform
 
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Both XML-RPM and SOAP have the <em>capability</em> of using HTTP for transport, but this is by no means a restriction. The reason if for exactly what you state: to avoid problems with firewalls. I could just as easily send SOAP over SMTP as long as something knows how to answer the requests.
I don't know a lot about DCOM but in the case of CORBA firewalls are a big problem. If I want to use a remote object I have to open up my firewall on another port. With HTTP it is much easier to monitor the traffic coming in and out of my firewall than it is to open up ports for every protocol I want to use; and SOAP headers in HTTP are well-defined.
As far as speciality, DCOM is a Microsoft-specific protocol for distributed computing. CORBA is much more platform independent in that any platform supporting IDL can make use, and interoperability with different ORBs can occur with the advent of IIOP. With XML-RPC there is no need for ORBs or a particular OS. All I need to know are what services are available, where they are located, and the parameters for using those services. And this is all done using XML.
As far as helping hackers, like anything else if a SOAP/XML-RPC service is implemented incorrectly allowing for access to vital resources, then of course crackers are going to exploit this. However, XML-RPC and SOAP by design are not to blame.

Originally posted by L Goundalkar:
Hi all,
It has been told that XML-RPC uses http protocol to call a remote object. Also this call is going to elude the firewall. Since we have DCOM and CORBA for distributed objects, Whats the speciality of this XML-RPC call?
Is this going to help HACKERS?
TIA



------------------
Jeremy Crosbie
Co-Author of Professional Java XML
 
Ranch Hand
Posts: 243
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I would expect that these protocols, XML RPC and SOAP, will work over ssl, so that security will not be compromised. SSL is a layer between TCP and HTTP so it is transparent to anything over HTTP.
 
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What is happening with XMSG?
I worked on a project where we designed out own DTD within teh XMSG specification, and it works great! I wonder why no one jumped aboard...
http://www.w3.org/TR/xmsg/
 
Honk if you love justice! And honk twice for tiny ads!
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic