Both XML-RPM and
SOAP have the <em>capability</em> of using HTTP for transport, but this is by no means a restriction. The reason if for exactly what you state: to avoid problems with firewalls. I could just as easily send SOAP over SMTP as long as something knows how to answer the requests.
I don't know a lot about DCOM but in the case of CORBA firewalls are a big problem. If I want to use a remote object I have to open up my firewall on another port. With HTTP it is much easier to monitor the traffic coming in and out of my firewall than it is to open up ports for every protocol I want to use; and SOAP headers in HTTP are well-defined.
As far as speciality, DCOM is a Microsoft-specific protocol for distributed computing. CORBA is much more platform independent in that any platform supporting IDL can make use, and interoperability with different ORBs can occur with the advent of IIOP. With XML-RPC there is no need for ORBs or a particular OS. All I need to know are what services are available, where they are located, and the parameters for using those services. And this is all done using XML.
As far as helping hackers, like anything else if a SOAP/XML-RPC service is implemented incorrectly allowing for access to vital resources, then of course crackers are going to exploit this. However, XML-RPC and SOAP by design are not to blame.
Originally posted by L Goundalkar:
Hi all,
It has been told that XML-RPC uses http protocol to call a remote object. Also this call is going to elude the firewall. Since we have DCOM and CORBA for distributed objects, Whats the speciality of this XML-RPC call?
Is this going to help HACKERS?
TIA
------------------
Jeremy Crosbie
Co-Author of
Professional Java XML