amritpatek Mon, 09/10/2007 - 11:16

From a security standpoint SOAP has some nasty little holes and the fixes are somewhat hand crafted for each application. Since SOAP relies on HTTP as the transport mechanism, and most firewalls allow HTTP to pass through, you'll have no problem invoking SOAP endpoints from either side of a firewall. However don't forget that SOAP makes it possible for system administrators to configure firewalls to selectively block out SOAP requests using SOAP-specific HTTP headers.


This Discussion