[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: SOAP-RPC and REST and security

• To: <xml-dev@l...>
• Subject: Re: SOAP-RPC and REST and security
• From: Gavin Thomas Nicol <gtn@r...>
• Date: Wed, 20 Feb 2002 17:51:29 -0500
• In-reply-to: <4F4182C71C1FDD4BA0937A7EB7B8B4C1045A0C73@r...>
• Organization: Red Bridge Interactive, Inc.
• References: <4F4182C71C1FDD4BA0937A7EB7B8B4C1045A0C73@r...>

On Wednesday 20 February 2002 05:09 pm, Joshua Allen wrote:
> I just find the idea that REST would be
> inherently more secure than RPC (or likewise, RPC more secure than
> REST) objectionable.  It is possible to make arguments for or
> against either architecture's inherent security.  

Fundamentally the security models are exactly the same. The only area 
where REST might have an edge is in using short-lived URI's to refer 
to particular states in a process... essentially scoping the URI to 
the transaction and the client session. If HTTP is used for REST 
though, it's pretty much wide-open (people can always capture the 
URI's) unless you use SSL, in which case SOAP and REST are again 
equivalent.

• References:
  • RE: SOAP-RPC and REST and security
    • From: "Joshua Allen" <joshuaa@m...>

• Prev by Date: Re: RDDL: minor update
• Next by Date: Re: SOAP-RPC and REST and security
• Previous by thread: RE: SOAP-RPC and REST and security
• Next by thread: RE: SOAP-RPC and REST and security
• Index(es):
  • Date
  • Thread