Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Re: Cookies at XML Europe 2004 -- Call for Particip ation
 On Jan 6, 2004, at 12:10 PM, Elliotte Rusty Harold wrote: > At 12:04 PM -0500 1/6/04, Rich Salz wrote: > >> I read it. It appears that good security practices conflict with >> REST. It's nice to hear the RESTafarians admit it. > > Possibly you read a message I missed or interpreted it differently. > Could you please provide the URL to and quote from the specific > message which demonstrates that good security practices conflict with > REST? > http://groups.yahoo.com/group/rest-discuss/message/3593 Quoth Dr. Fielding, "I think it is more accurate to say that, because user identification must be supplied with each request subject to authentication, that an action like LOGIN would only add overhead." That's at least inconsistent with currently understood best practices, although of course he (and you) could be proven right in the long run. Can anyone point to a secure, scalable, automated [i.e., can be used by software as a service as well as humans], and successful site that adheres to REST principles? Amazon probably comes the closest, but the tast I tried, Amazon wouldn't do much for me without cookies enabled. (I tried a brief experiment disabling cookies awhile ago and was not a happy user of the Web As It Is). Empirical proof that REST really works would create a lot more converts than evangelism of its theory. 
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
