On Fri, 31 Jan 2003 12:51:53 -0500, Mark Baker <firstname.lastname@example.org> wrote:
> In the former, the data that is sent is just data, not a request for
> action. POST is the action. If it were sent with HTTP PUT, it would
> mean something entirely different.

Back to our canonical disagreement :-) My position is that the "interface"
is the totality of the contract between producer and consumer; the
difference between "just data" and "request for action" is pretty fuzzy at
best. (LISP being the usual example, I guess). The "action" is whatever
happens on the server, however that got invoked. Call it a "method", call
it a "request", call it a "suggestion" ... some code will parse the "just
data" and decide to do something.

Disallow POST and insist that all GETs be safe and PUTs idempotent, and I
would agree that REST is less of a security hole, but it's gonna be hard to
do application integration that way.