> A lot of the arguments posed for REST seem to depend on programmers
> being lazy. So once again, we get arguments that
> the architecture should be designed for "the slowest runner".
"Bullard, Claude L (Len)" wrote:
> Arguments based on "RPC is bad for security; REST is good
> for security because the programmers will make naive mistakes"
> are "slowest runner" arguments. A marathon run with a bad
> knee will be just as painful and longer than a sprint.
First, you've taken one argument and acted as if it is many. The vast
majority of the arguments for REST have nothing to do with programmer
competency and everything to do with making systems that interoperate at
scale versus in labs.

Second, it is very common in the security world to promote systems that
promote security, because no system can in and of itself guarantee
security. I see nothing wrong with choosing an architecture because it
might tend to lower the number of security holes.