Cart
[Home] [By Thread] [By Date] [Recent Entries]
On Jan 6, 2004, at 12:10 PM, Elliotte Rusty Harold wrote: > At 12:04 PM -0500 1/6/04, Rich Salz wrote: > >> I read it. It appears that good security practices conflict with >> REST. It's nice to hear the RESTafarians admit it. > > Possibly you read a message I missed or interpreted it differently. > Could you please provide the URL to and quote from the specific > message which demonstrates that good security practices conflict with > REST? > http://groups.yahoo.com/group/rest-discuss/message/3593 Quoth Dr. Fielding, "I think it is more accurate to say that, because user identification must be supplied with each request subject to authentication, that an action like LOGIN would only add overhead." That's at least inconsistent with currently understood best practices, although of course he (and you) could be proven right in the long run. Can anyone point to a secure, scalable, automated [i.e., can be used by software as a service as well as humans], and successful site that adheres to REST principles? Amazon probably comes the closest, but the tast I tried, Amazon wouldn't do much for me without cookies enabled. (I tried a brief experiment disabling cookies awhile ago and was not a happy user of the Web As It Is). Empirical proof that REST really works would create a lot more converts than evangelism of its theory.
|
