I agree with
jtansen in regards to SOAP / Security discussions, and
CGI (and JSP / Servlet, etc) developers have had to deal
with this for quite a while now. It all comes down to the
fact that, as always, software developers need to be aware
of the security issues involved in their work, and to take
that into account when writing their code.
Every week it seems a good half dozen security bugs are
reported that involve buffer overflow / mishandling of user
input! The fact that you must very carefully validate and
manage all information which is input into your program /
system should be common knowledge to everyone by now. At
what point are people going to start using this knowledge,
as a whole?
I guess it all comes down to education, and that I don't
think a single Java book I have read has done a good job of
talking about security issues in relation to Java
programming (and I don't mean the security APIs, which are a
different issue altogether). It is a mindset that must be
explained, a certain level of paranoia or mistrust which the
programmer must have towards the users and external data
sources which come into their system.
I apologize if I digress, but to summarize, I don't feel
that SOAP security is anything new / different from the same
kinds of issues that most programmers don't deal with well /
at all, and cause the kinds of insecurity that we see in
I have been reading the last few evenings (and Sunday), rather than working on Symbiosis, but I keep coming up with / documenting ideas I have to work on. I have been reading "Nothing on My Mind", which is a book about a man's journey through life at Berkeley in the 60's, doing lots of drugs, and eventually discovering Zen meditation.
I am not sure, as I am not done the book, what the
"point" of the book is, or perhaps it doesn't even have one,
as is true with a lot of these kinds of books. I am at
least happy, based on the author's experience, that I didn't
experiment with drugs in my youth, and I have never heard of
extreme drug use causing someone to be "enlightened". I
think I will stick to the slow and steady approach.