OASIS Mailing List Archives



   Re: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a ra


--- Miles Sabin <miles@milessabin.com> wrote:
> Interestingly, the RESTian push for GET over POST for web services is 
> likely to make exploits of this sort easier. That's not a criticism of 
> REST per se, but it suggests that RESTians probably have a duty to 
> think about the security implications of GET vs POST.

The HTTP spec describes some of the security implications of method
selection.[1][2] No REST advocate I've encountered has advocated using GET for
actions that are not safe. What sort of additional implications were you
thinking about?


[1] - http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1
[2] - http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html#sec15.1.3

Jim Ancona
jim@anconafamily.com                     jancona@xevo.com




Copyright 2001 XML.org. This site is hosted by OASIS