OASIS Mailing List Archives


   Re: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a ra

--- Miles Sabin <miles@milessabin.com> wrote:
> Interestingly, the RESTian push for GET over POST for web services is 
> likely to make exploits of this sort easier. That's not a criticism of 
> REST per se, but it suggests that RESTians probably have a duty to 
> think about the security implications of GET vs POST.

The HTTP spec describes some of the security implications of method
selection.[1][2] No REST advocate I've encountered has advocated using GET for
actions that are not safe. What sort of additional implications were you
thinking about?

Jim

[1] - http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1
[2] - http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html#sec15.1.3

=====
Jim Ancona
jim@anconafamily.com                     jancona@xevo.com

Copyright 2001 XML.org. This site is hosted by OASIS