[tahoe-dev] RESTful security

zooko zooko at zooko.com
Mon Aug 20 18:20:18 UTC 2007


On the rest-discuss mailing list, a discussion about the poor browser  
support for PUT and DELETE turned into a discussion of security when  
Roy Fielding, whose PhD thesis was the seed of the REST paradigm,  
opined that browsers shouldn't do potentially dangerous things  
without human confirmation:

http://thread.gmane.org/gmane.comp.web.services.rest/6802/focus=6805

Maybe if our current XSRF issue:

http://allmydata.org/trac/tahoe/ticket/98

http://allmydata.org/pipermail/tahoe-dev/2007-August/000105.html

is resolved in a nice general way, then we can use it as an example
case to inform that general discussion of RESTful security.

Regards,

Zooko


