[
Lists Home |
Date Index |
Thread Index
]
Mike Champion wrote:
>
>...
>
> It would appear that security is not a differentiator
> between RPC and REST at the *technical* level.
REST is not a security silver bullet. SOAP services are not guaranteed
to be insecure. Nevertheless there are real, technical, security issues.
And there are real psychological and social issues as you point out.
Bruce S. raised a serious technical issue that has not been refuted.
I've documented others in an essay here:
http://www.prescod.net/rest/security.html
Let me say again: REST is not a security silver bullet. SOAP services
are not guaranteed to be insecure.
But specifications and communities can encourage security and make it
easy or discourage it and make it hard. SOAP (whether RPC or
"messaging") does the latter.
Paul Prescod
|