--- Miles Sabin <miles@milessabin.com> wrote:
> Interestingly, the RESTian push for GET over POST for web services is
> likely to make exploits of this sort easier. That's not a criticism of
> REST per se, but it suggests that RESTians probably have a duty to
> think about the security implications of GET vs POST.
The HTTP spec describes some of the security implications of method
selection.[1][2] No REST advocate I've encountered has advocated using GET for
actions that are not safe. What sort of additional implications were you
thinking about?
Jim
[1] - http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1
[2] - http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html#sec15.1.3
=====
Jim Ancona
jim@anconafamily.com jancona@xevo.com