I will start with a link to published propaganda.

http://msdn.microsoft.com/xml/general/SOAP_White_Paper.asp

Microsoft has replaced DCOM with SOAP (Simple Object Access Protocol) for e-commerce development. DCOM had many shortcomings when trying to communicate through firewalls; they never really understood how NAT worked. This tool set allows DCOM objects to basically be encapsulated inside HTTP. Their suggestion is to open a port 80 proxy from your web server(s) to your application server(s) on the inside.

InternetWeek claims this is a potentially dangerous and serious security flaw, though it doesn't elaborate on the details.

I pose this question to the group: what are the potential dangers of tunneling DCOM objects, or in essence an application, through a well-known port (HTTP)?

I am assuming an application-proxy-based firewall with a standard inbound port 80 wrapper, locked down from the IP of the web server to the IP of the application server. The application server must be aware of the payload and be able to strip it out of the HTTP tunnel and execute it.

Thanks for your input.

Kevin Hardcastle
Information Security Group
Alliance Blue Cross Blue Shield
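An added example, not part of the original post: in the setup described above, a rule keyed on web-server IP, application-server IP and port 80 cannot distinguish one tunnelled call from another, so this shows the method-level check an application proxy would have to make on each relayed request. The allow-list, namespaces, method names and host name are hypothetical; the SOAP 1.1 envelope namespace is the real one.

```python
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
# Hypothetical allow-list of (namespace, method) pairs the application server exposes.
ALLOWED_CALLS = {("urn:example-claims", "GetClaimStatus")}


def inspect_request(raw: bytes, allowed=ALLOWED_CALLS):
    """Return (verdict, detail) for one HTTP request relayed to the app server."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if not lines[0].startswith("POST ") or "text/xml" not in headers.get("content-type", ""):
        return "deny", "not a SOAP POST"
    # SOAP 1.1 forbids DTDs; refusing them (and NUL bytes, i.e. UTF-16 bodies)
    # before parsing keeps entity tricks away from the XML parser.
    if b"\x00" in body or b"<!DOCTYPE" in body:
        return "deny", "DTD or non-UTF-8 body"
    try:
        envelope = ET.fromstring(body)
    except ET.ParseError:
        return "deny", "malformed XML"
    if envelope.tag != f"{{{SOAP_ENV}}}Envelope":
        return "deny", "not a SOAP envelope"
    soap_body = envelope.find(f"{{{SOAP_ENV}}}Body")
    if soap_body is None or len(soap_body) != 1:
        return "deny", "expected exactly one call in Body"
    tag = soap_body[0].tag
    ns, name = tag[1:].split("}", 1) if tag.startswith("{") else ("", tag)
    if (ns, name) not in allowed:
        return "deny", f"method not allow-listed: {name}"
    return "allow", name


def sample_request(ns: str, method: str) -> bytes:
    """Build a constructed SOAP 1.1 request for the demo (not captured traffic)."""
    xml = (f'<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP_ENV}"><SOAP-ENV:Body>'
           f'<m:{method} xmlns:m="{ns}"/></SOAP-ENV:Body></SOAP-ENV:Envelope>')
    return ("POST /app HTTP/1.1\r\nHost: appserver.example\r\n"
            f"Content-Type: text/xml\r\nContent-Length: {len(xml)}\r\n\r\n{xml}").encode()


if __name__ == "__main__":
    # Both requests look identical to a rule keyed on source IP, destination IP and port 80.
    print(inspect_request(sample_request("urn:example-claims", "GetClaimStatus")))
    print(inspect_request(sample_request("urn:example-admin", "ResetPassword")))
```
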
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:45:46 PDT