• To: Miles Sabin <miles@m...>, xml-dev@l...
• Subject: Re: Malicious documents? (WAS: Interesting mailing list & a rare broadside)
• From: Jim Ancona <scarhill@y...>
• Date: Mon, 10 Jun 2002 13:12:50 -0700 (PDT)
• In-reply-to: <200206101216.57302.miles@m...>
• Reply-to: jim@a...

--- Miles Sabin <miles@m...> wrote:
> Interestingly, the RESTian push for GET over POST for web services is 
> likely to make exploits of this sort easier. That's not a criticism of 
> REST per se, but it suggests that RESTians probably have a duty to 
> think about the security implications of GET vs POST.

The HTTP spec describes some of the security implications of method
selection.[1][2] No REST advocate I've encountered has advocated using GET for
actions that are not safe. What sort of additional implications were you
thinking about?

Jim

[1] - http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1
[2] - http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html#sec15.1.3

=====
Jim Ancona
jim@a...                     jancona@x...

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

• Follow-Ups:
  • Re: Malicious documents? (WAS: Interesting mailing list & a rare broadside)
    • From: Miles Sabin <miles@m...>

• References:
  • Re: Malicious documents? (WAS: Interesting mailing list & a rare broadside)
    • From: Miles Sabin <miles@m...>

• Prev by Date: Re: W3C Schema: Resistance is Futile, says Don Box
• Next by Date: Re: W3C Schema: Resistance is Futile, says Don Box
• Previous by thread: Re: Malicious documents? (WAS: Interesting mailing list & a rare broadside)
• Next by thread: Re: Malicious documents? (WAS: Interesting mailing list & a rare broadside)
• Index(es):
  • Date
  • Thread