[
Lists Home |
Date Index |
Thread Index
]
Michael Champion wrote:
> On Apr 5, 2005 9:16 AM, Bill de hÓra <bill.dehora@propylon.com> wrote:
>
>
>>If you decide to go the POST route, what you want to avoid are exposing
>>controller URIs (all client requests go to one URI). At least give the
>>things of interest (the equivalent of your objects in your domain model
>>or your table rows in your physical data model) visible identity.
>
>
> Why " give things of interest (the equivalent of your objects in your
> domain model or your table rows in your physical data model) visible
> identity?" That seems to violate the principle of information
> hiding that has been around since before OO. It seems to be simply a
> Bad Idea to expose internal details in a world where slimeballs have
> proliferated who would love to subvert your website for fun and/or
> profit. Why not hide them behind a "controller URI" that accepts
> requests and gives them a going over with the polygraph and
> protocoscope, then routes them to whereever the system thinks they
> should be routed at this moment?
>
I don't know the answer, but wouldn't it make security easier? You can
protect an URI and reroute at a more external level before it goes into
the system.
-Rob
|
