Lists Home |
Date Index |
--- Miles Sabin <email@example.com> wrote:
> Interestingly, the RESTian push for GET over POST for web services is
> likely to make exploits of this sort easier. That's not a criticism of
> REST per se, but it suggests that RESTians probably have a duty to
> think about the security implications of GET vs POST.
The HTTP spec describes some of the security implications of method
selection. No REST advocate I've encountered has advocated using GET for
actions that are not safe. What sort of additional implications were you
 - http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1
 - http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html#sec15.1.3
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup