[tahoe-dev] RESTful security
zooko
zooko at zooko.com
Mon Aug 20 11:20:18 PDT 2007
On the rest-discuss mailing list, a discussion about the poor browser
support for PUT and DELETE turned into a discussion of security when
Roy Fielding, whose PhD thesis was the seed of the REST paradigm,
opined that browsers shouldn't do potentially dangerous things
without human confirmation:
http://thread.gmane.org/gmane.comp.web.services.rest/6802/focus=6805
Maybe if our current XSRF issue:
http://allmydata.org/trac/tahoe/ticket/98
http://allmydata.org/pipermail/tahoe-dev/2007-August/000105.html
is resolved in a nice general way, then we can use it as an example
case to inform that general discussion of RESTful security.
Regards,
Zooko