

Dangers of SOAP: Payment gateway WSDL sent over HTTPS but all actions are HTTP - qixxiq
https://www.netcash.co.za/netserv/ncUpload/service.asmx?wsdl

======
arethuza
I don't think it's a great idea to link directly to the WSDL for what looks
like a production system without indicating this in the HN title.

I was expecting an article describing how it is possible to make this mistake
- not raw WSDL!

------
memoryfault
Maybe I'm missing something, but how is this a danger of SOAP? You could
misconfigure any endpoint.

~~~
SystemOut
I agree. This could happen in any web service, SOAP or otherwise, that pushes
back the endpoint URLs as part of a capability discovery mechanism.

