{"id":28,"date":"2002-09-16T01:30:00","date_gmt":"2002-09-16T05:30:00","guid":{"rendered":"http:\/\/www.markbaker.ca\/wp\/?p=44"},"modified":"2002-09-16T01:30:00","modified_gmt":"2002-09-16T05:30:00","slug":"soap-smtp-binding-security","status":"publish","type":"post","link":"http:\/\/www.markbaker.ca\/blog\/2002\/09\/soap-smtp-binding-security\/","title":{"rendered":"SOAP SMTP binding security"},"content":{"rendered":"<p>Just noticed Simon&#8217;s reference to his\n<a href=\"http:\/\/www.pocketsoap.com\/specs\/smtpbinding\/\">SOAP SMTP binding spec<\/a>.\nSection 6, &#8220;Security Considerations&#8221;, says &#8220;This should introduce no new security considerations.&#8221;\nBzzt! 8-)<\/p>\n\n<p>Consider that by requiring the SOAP response in a new email, rather than using\nthe SMTP response as the response, you&#8217;re requiring that any deployed implementation of\nsoftware conforming to this specification include an automated responder\nwhere none existed previously.  That is, what was once a safe &#8220;input only&#8221; protocol\n(SMTP) has been turned into a request\/response protocol.  There are oodles of\nnew security considerations because of that.<\/p>","protected":false},"excerpt":{"rendered":"Just noticed Simon&#8217;s reference to his SOAP SMTP binding spec. Section 6, &#8220;Security Considerations&#8221;, says &#8220;This should introduce no new security considerations.&#8221; Bzzt! 
8-) Consider that by requiring the SOAP response in a new email, rather than using the SMTP response as the response, you&#8217;re requiring that any deployed implementation of software conforming to this [&hellip;]","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[26],"class_list":["post-28","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-soap"],"_links":{"self":[{"href":"http:\/\/www.markbaker.ca\/blog\/wp-json\/wp\/v2\/posts\/28","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.markbaker.ca\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.markbaker.ca\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.markbaker.ca\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.markbaker.ca\/blog\/wp-json\/wp\/v2\/comments?post=28"}],"version-history":[{"count":0,"href":"http:\/\/www.markbaker.ca\/blog\/wp-json\/wp\/v2\/posts\/28\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.markbaker.ca\/blog\/wp-json\/wp\/v2\/media?parent=28"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.markbaker.ca\/blog\/wp-json\/wp\/v2\/categories?post=28"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.markbaker.ca\/blog\/wp-json\/wp\/v2\/tags?post=28"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}