OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Exposing resources/services vs hiding implementationdetail

[ Lists Home | Date Index | Thread Index ]

Michael Champion wrote:
> ...I would have to agree that
> security by obscurity is not something to rely on, but I'm not sure I
> would agree that advertising your internal architecture to potential
> hackers is a great idea either.

As hackers have just as much focus mucking about with plain ole web
sites, isn't that an argument for hiding your entire site behind
"http://www.example.com/crypticAddress"; also?

I don't see how defining a public URL space exposes any details about
my application structure. I've done it, for both human and machine
oriented interfaces, and you can't tell from the url structure or
response formats what my backend is doing. Or even if the entities in
the URI map 1:1 with entities in my database schema.




News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS