Writing applications to communicate via FTP took time and were
Distributions of the client application were a nightmare. Any time
changes needed to be done on the client, the effort would have to be
replicated on the server and setup diskettes would need to be made
all over again.
Consequently, this method experienced severe shortcomings, as the
server application was limited to parsing the application for which it was
written. Another downfall of the FTP method was that you had to read and
write to a file.
I/O operations are expensive, so to perform this task on a laboriously
busy server could spell performance problems, potentially generating its
own brute-force denial-of-service attack against itself if it became too busy
handling I/O-intensive client requests.
The final problem with the FTP method was that the response time from
the server was often not real time. The fact that the application had to per-
form I/O processing, and that it often scheduled a task or service running
intermittently to look for available files within a specific folder, made the
real-time performance slower than the TCP method.
The writing was on the wall: The world was in dire need of a new proto-
col, one that is TCP compliant, is standard across all platforms, and over-
comes the problems associated with historical ways of communicating
with remote applications.
Furthermore, a language was needed to transport data from application
to application. It no longer made sense to write string parsers that were
tied to specific applications that would need to be rewritten to accommo-
date each new applications data structure.
As a result, the technical world has changed. The efforts to continually
improve efficiency and decrease complexity have introduced a latecomer
to the protocol kingdom, an appellation celebrated by the acronym SOAP.
Its fortitude relies completely on the well-known XML standard.
Remote Procedure Calls (RPC) are intended to allow individuals to run
processes on distributed systems. The primary downfalls of RPC are secu-
rity and configuration. The following attacks might be possible when
allowing distributed RPC communication: