Re: SOAP-RPC and REST and security

Cart

XML Editor - Download a Free Trial >

See What's New >

Buy Now >

[Home] [By Thread] [By Date] [Recent Entries]

To: <xml-dev@l...>
Subject: Re: SOAP-RPC and REST and security
From: Gavin Thomas Nicol <gtn@r...>
Date: Wed, 20 Feb 2002 17:51:29 -0500
In-reply-to: <4F4182C71C1FDD4BA0937A7EB7B8B4C1045A0C73@r...>
Organization: Red Bridge Interactive, Inc.
References: <4F4182C71C1FDD4BA0937A7EB7B8B4C1045A0C73@r...>

On Wednesday 20 February 2002 05:09 pm, Joshua Allen wrote:
> I just find the idea that REST would be
> inherently more secure than RPC (or likewise, RPC more secure than
> REST) objectionable.  It is possible to make arguments for or
> against either architecture's inherent security.  

Fundamentally the security models are exactly the same. The only area 
where REST might have an edge is in using short-lived URI's to refer 
to particular states in a process... essentially scoping the URI to 
the transaction and the client session. If HTTP is used for REST 
though, it's pretty much wide-open (people can always capture the 
URI's) unless you use SSL, in which case SOAP and REST are again 
equivalent.

References:
- RE: SOAP-RPC and REST and security
  - From: "Joshua Allen" <joshuaa@m...>

Prev by Date: Re: RDDL: minor update
Next by Date: Re: SOAP-RPC and REST and security
Previous by thread: RE: SOAP-RPC and REST and security
Next by thread: RE: SOAP-RPC and REST and security
Index(es):
- Date
- Thread

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >