[
Lists Home |
Date Index |
Thread Index
]
On Jan 6, 2004, at 12:10 PM, Elliotte Rusty Harold wrote:
> At 12:04 PM -0500 1/6/04, Rich Salz wrote:
>
>> I read it. It appears that good security practices conflict with
>> REST. It's nice to hear the RESTafarians admit it.
>
> Possibly you read a message I missed or interpreted it differently.
> Could you please provide the URL to and quote from the specific
> message which demonstrates that good security practices conflict with
> REST?
>
http://groups.yahoo.com/group/rest-discuss/message/3593
Quoth Dr. Fielding, "I think it is more accurate to say that, because
user identification must be supplied
with each request subject to authentication, that an action like LOGIN
would only add overhead."
That's at least inconsistent with currently understood best practices,
although of course he (and you) could be proven right in the long run.
Can anyone point to a secure, scalable, automated [i.e., can be used by
software as a service as well as humans], and successful site that
adheres to REST principles? Amazon probably comes the closest, but the
tast I tried, Amazon wouldn't do much for me without cookies enabled.
(I tried a brief experiment disabling cookies awhile ago and was not a
happy user of the Web As It Is). Empirical proof that REST really
works would create a lot more converts than evangelism of its theory.
|
