Lists Home |
Date Index |
One can expose a security risk naively. One
could also only expose a facade or a kind of session
manager that handles requests and routes them
appropriately. One can also take the approach taken by
some data warehouse models in which a separate server,
really a separate box, handles the web services. The
internal systems which must be secure don't face out.
Sure, someone can do a stupid thing. Or, one can
do a good design, understand best practices, and
act accordingly. Same as it ever was.
From: Joshua Allen [mailto:email@example.com]
Again, I don't understand this. RPC does not pass code to the server.
The user does not "execute code directly". The user passes some
parameters, and the server executes whichever code it has been
configured to execute in response. Same as happens with REST.