Is SOAP secure?

Davanum Srinivas

SOAP is as secure as HTTP is...SOAP travels across HTTP and enters via port 80, as does HTTP. The only difference is that a SOAP message carries a payload of XML, whereas HTTP would normally carry a payload of HTML/Javascript etc. SOAP messages are very clear about there intent and declare this in their headers. Your firewall can read these headers and decide what to do. Your application when it receives the message should then examine the SOAP message to make sure that the headers match what is in the payload. SOAP can run over HTTPS (SSL) with no problems.