Altova Mailing List Archives
>xml-dev Archive Home
>Thread Prev - REST has too many verbs
Re: [xml-dev] REST has too many verbs
Date: 2/11/2002 9:25:00 PM
On Monday 11 February 2002 01:56 pm, Paul Prescod wrote: > Gavin Thomas Nicol wrote: > > > If you do that, you make it extremely difficult to build > > > intermediaries like: > > > > > > * store-and-forward services > > > * caches > > > * firewalls > > > * proxies > > > * message routers > > > * privacy managing intermediaries > > > > This is not strictly true. > > You say that but your message did not provide any evidence. OK. I'll play the game... you *prove* to *me* that these become extremely difficult, and then I'll prove that you're wrong... > > I don't think you can assume that visibility is always a good > > thing.... > > Optional visibility is always a good thing. You can turn it off > easily if you don't want it. SSL is an example of turning it off. Prove that "optional visibility is always a good thing". Explain to be why tacking on SSL and authentication mechanisms is better than controlled disclosure in the first place.... especially for things like web services. > So you're saying that HTTP can be fairly easily attacked from a > security point of view unless you use the security features. No, I am pointing out that open disclosure and visibility aren't necessarily good things... indeed, the basic tenet of security is the principal of "least priviledge", which implies lack of both these things. SSL was created because HTTP, in and of itself, has very poor security.