in reply to XML socket server HTTP tunneling

Beyond the fact that I don't think you can keep the connection open (you might be able to do some creative things with HTTP 1.1, I don't know), this is not the right thing to do.

Warning: rant follows!

Firewalls are here for a reason: to isolate the internal network from the Wild Wild Internet. Firewalls allow certain types of communication to the outside world. Network administrators are paid to ensure that those communications are reasonably safe. They usually do this by allowing certain ports to be open, based on the services these ports provide. If you start using port 80 for an XML socket server (not to mention SOAP or XML-RPC) then you completely break this security model. The admin does not know that you are using port 80 for a non-standard purpose, hence she can't do her job and keep the system secure.

If I was a network administrator and discovered that people are using that kind of trick on my network, be sure there would be consequences!

The right thing to do is to set up your server on a defined port and to ask the network admin to open it. You might have to justify the need and to demonstrate that this new service is secure. THIS IS A GOOD THING!

You might find Paul Prescod's Some thoughts about SOAP versus REST on Security an interesting read.

Re: Re: XML socket server HTTP tunneling
by JamieD (Novice) on Nov 21, 2002 at 13:28 UTC
    Sorry, I did phrase my question too well.

    To answer Merlyn, I am not opening an XML socket, I am opening a standard socket and using this to send and receive XML data.

    In response to mirod, I can't get the network admins to open ports because this is going to be a public service that anyone can connect to. I don't have a problem connecting, but other people behind firewalls might have a problem doing this.

    I think the solution might be to use port 80 to connect to a CGI which sends XML data and loads data, then closes the connection. The client then waits for a bit, reconnects and does the same again. I will then have to modify the server code so that it stores all of the messages sent since the last time the user connected and sends them in one go when the user connects. This wouldn't be a real-time message relay, so I don't think it would be any good for games.

    Is this the best solution?
        I don't want to use SOAP because it adds a whole shed load of code that A) I don't want and B) don't need. This will use up extra resources that I don't want to.

        Why do I need to use several pm's when I can do the same thing in a few lines of code?

        The whole point of my server is to be as fast and stable as possible while also being easy to port to other platforms. For these reasons I only want to use pm's if absolutely necessary.
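
The store-and-forward polling scheme JamieD describes above, sketched as an added example (not code from any poster in this thread). It uses core Perl only; the names `post_message`, `fetch_since` and `$MAX_QUEUED` are hypothetical, and it assumes the mailboxes live in the long-running server process and that the client id has already been authenticated.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Per-client cap, so a client that never reconnects cannot grow the
# server's memory without bound (assumed value).
my $MAX_QUEUED = 100;
my %mailbox;   # client id => { next_seq => N, queue => [ [seq, xml], ... ] }

# Queue one XML message for a client; the oldest is dropped at the cap.
sub post_message {
    my ($client, $xml) = @_;
    my $box = $mailbox{$client} ||= { next_seq => 1, queue => [] };
    push @{ $box->{queue} }, [ $box->{next_seq}++, $xml ];
    shift @{ $box->{queue} } while @{ $box->{queue} } > $MAX_QUEUED;
    return $box->{next_seq} - 1;
}

# Called on each reconnect. $last_seen is the highest sequence number the
# client reports having received: messages up to it are discarded, later
# ones are returned in one batch. Messages are only deleted once
# acknowledged, so a lost HTTP reply does not lose data.
sub fetch_since {
    my ($client, $last_seen) = @_;
    my $box = $mailbox{$client} or return (0, []);
    # Treat a missing or non-numeric value from the client as "nothing seen".
    $last_seen = 0 unless defined $last_seen && $last_seen =~ /\A\d+\z/;
    @{ $box->{queue} } = grep { $_->[0] > $last_seen } @{ $box->{queue} };
    my @batch = map { $_->[1] } @{ $box->{queue} };
    my $high  = @{ $box->{queue} } ? $box->{queue}[-1][0] : $last_seen;
    return ($high, \@batch);
}

# Constructed sample traffic for one client.
post_message('alice', '<msg>one</msg>');
post_message('alice', '<msg>two</msg>');
my ($seq, $batch) = fetch_since('alice', 0);      # first reconnect
print "poll 1: up to $seq: @$batch\n";
post_message('alice', '<msg>three</msg>');
($seq, $batch) = fetch_since('alice', 0);         # reply was lost, client repeats 0
print "poll 2: up to $seq: @$batch\n";
($seq, $batch) = fetch_since('alice', $seq);      # acknowledged, nothing new
print "poll 3: up to $seq: ", scalar(@$batch), " message(s)\n";
```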