top | item 3803076

(no title)

Maybe I'm missing something, but how is this a danger of SOAP? You could misconfigure any endpoint.

discuss

I agree. This could happen in any web service, SOAP or otherwise, that pushes back the endpoint URLs as part of a capability discovery mechanism.

mtpettyp|14 years ago

And even if this endpoint (defined in the WSDL) was changed to to https there is nothing stopping you from overriding it and pointing it to any other (possibly unsecure) URL.

vlucas|14 years ago

I thought the exact same thing as soon as I saw the URLs. This could happen with ANY web service that returns URLs, even a REST one with a more HATEOAS-style approach.