On Wednesday 20 February 2002 05:09 pm, Joshua Allen wrote:
> I just find the idea that REST would be
> inherently more secure than RPC (or likewise, RPC more secure than
> REST) objectionable. It is possible to make arguments for or
> against either architecture's inherent security.
Fundamentally the security models are exactly the same. The only area
where REST might have an edge is in using short-lived URIs to refer
to particular states in a process... essentially scoping the URI to
the transaction and the client session. If HTTP is used for REST
though, it's pretty much wide-open (people can always capture the
URIs) unless you use SSL, in which case SOAP and REST are again
equivalent.
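
The short-lived, session-scoped URIs described in the message above, as an added example that is not part of the original post: a server mints a URI for one state of one transaction, binds it to the client session with an HMAC, and rejects it after expiry or from any other session. The names `SERVER_KEY`, `TTL_SECONDS`, `mint_state_uri`, `check_state_uri` and the `/txn/...` path layout are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional

SERVER_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients
TTL_SECONDS = 300                     # assumption: lifetime of one transaction step


def _tag(session_id: str, txn_id: str, state: str, expires: int) -> str:
    # Length-prefix every field so two different field splits cannot produce the same MAC input.
    parts = (session_id, txn_id, state, str(expires))
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def mint_state_uri(session_id: str, txn_id: str, state: str,
                   now: Optional[float] = None) -> str:
    """Return a URI naming one state of one transaction, valid only for this session."""
    expires = int(time.time() if now is None else now) + TTL_SECONDS
    return f"/txn/{txn_id}/{state}?exp={expires}&sig={_tag(session_id, txn_id, state, expires)}"


def check_state_uri(uri: str, session_id: str, now: Optional[float] = None) -> bool:
    """Accept the URI only if it is untampered, unexpired and presented by its own session."""
    try:
        path, query = uri.split("?", 1)
        _, root, txn_id, state = path.split("/")
        params = dict(kv.split("=", 1) for kv in query.split("&"))
        expires, sig = int(params["exp"]), params["sig"]
    except (ValueError, KeyError):
        return False  # malformed or unsigned URI
    if root != "txn":
        return False
    if (time.time() if now is None else now) > expires:
        return False  # the transaction step has timed out
    # The session id is not in the URI; it comes from the authenticated session,
    # so a URI replayed from a different session fails the MAC check.
    expected = _tag(session_id, txn_id, state, expires)
    return hmac.compare_digest(sig.encode(), expected.encode())
```

The binding only holds if the session identifier itself cannot be captured along with the URI, which is the message's point about needing SSL.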