<cut>

http://msdn.microsoft.com/xml/general/SOAP_White_Paper.asp

Microsoft has replaced DCOM with SOAP (Simple Object Access Protocol) for e-commerce development. DCOM had many shortcomings when trying to communicate through firewalls, they never really understood how NAT worked. This tool set allows DCOM objects to basically be encapsulated inside http. Their suggestion is to open a port 80 proxy from your webserver(s) to your application server(s) on the inside.

Firstly, I can't think why one would want a DCOM object being accessed like the one given on the white paper. I think that example is a poor illustration. I would much prefer binding this functionality to ASP/COM where the ASP code has control over the DCOM object. This way, one doesn't have to worry about access to the COM object via the firewall, since the web server itself can only access it. The ASP code could perform input validation in an attempt to prevent parameter overloading, causing buffer overflow problems (DoS et al). Better still, the application server that houses the DCOM object can be placed in a separate DMZ from the web server, and correctly setting up the DMZ privs for the application server et al, will strengthen security.

Can anyone give a better example of why one would allow people to directly access a DCOM object from the net?

Cheers

r.

Richard Scott

The views expressed in this email do not represent Best Buy or any of its subsidiaries.
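
The post above suggests letting web-tier code validate input before it reaches the backend object. The following is an added illustration of that idea, not code from the original post or from the white paper; the method names, parameter schemas and the `validateCall` function are all hypothetical.

```javascript
// Added example: web-tier gatekeeper in front of a backend object.
// METHODS, validateCall, GetQuote and PlaceOrder are hypothetical names.

// Allowlist: only these methods are reachable, each with a strict schema.
const METHODS = {
  GetQuote: [
    { name: "symbol", type: "string", maxLen: 8, pattern: /^[A-Z.]+$/ },
  ],
  PlaceOrder: [
    { name: "symbol", type: "string", maxLen: 8, pattern: /^[A-Z.]+$/ },
    { name: "quantity", type: "number", min: 1, max: 10000 },
  ],
};

// Returns { ok: true, args: [...] } or { ok: false, reason: "..." }.
// The backend object is only invoked when ok is true.
function validateCall(method, params) {
  // Own-property check so inherited names like "constructor" are rejected.
  if (!Object.prototype.hasOwnProperty.call(METHODS, method)) {
    return { ok: false, reason: "method not allowed" };
  }
  const schema = METHODS[method];
  if (params === null || typeof params !== "object" || Array.isArray(params)) {
    return { ok: false, reason: "params must be an object" };
  }
  if (Object.keys(params).length !== schema.length) {
    return { ok: false, reason: "unexpected parameter count" };
  }
  const args = [];
  for (const spec of schema) {
    if (!Object.prototype.hasOwnProperty.call(params, spec.name)) {
      return { ok: false, reason: "missing parameter: " + spec.name };
    }
    const v = params[spec.name];
    if (typeof v !== spec.type) return { ok: false, reason: "bad type: " + spec.name };
    if (spec.type === "string") {
      // Length is checked before the value goes anywhere near the backend.
      if (v.length > spec.maxLen) return { ok: false, reason: "too long: " + spec.name };
      if (!spec.pattern.test(v)) return { ok: false, reason: "bad characters: " + spec.name };
    } else if (!Number.isInteger(v) || v < spec.min || v > spec.max) {
      return { ok: false, reason: "out of range: " + spec.name };
    }
    args.push(v); // positional arguments in schema order
  }
  return { ok: true, args };
}
```

Only the validated `args` array would be handed to the backend object, so a method outside the allowlist or an oversized parameter never crosses from the web server to the application server.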
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:45:57 PDT