[OTDev] encoding accept header MIME types in URI
Christoph Helma helma at in-silico.chFri Jan 14 11:00:36 CET 2011
- Previous message: [OTDev] Smart Features duplication due to hasSource
- Next message: [OTDev] encoding accept header MIME types in URI
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Actually, it's not that bad from security point of view, because the REST > framework will handle the extensions itself and adding an extension is > merely a configuration issue. > > But you are at the mercy of the framework, and here I understand these > differ. The Ruby framework as explained in Christoph's email works via URI > rewriting, while Restlet works via "tunneling", i.e. rerouting the request > to the proper code, rather than rewriting the URI. Thus in Restlet we end > in the proper code to handle the request, but with the original URI . And if > we want to check if the URI is authorized by the OpenSSO server, we have to > do the extension removing ourselves :( > Please don't get me wrong: I see the extension variant purely as a convenience method for GET requests of text oriented clients and html links (there is no point in using them in POST requests). If it is too hard to implement them in a safe way in one of the frameworks I would rather use a more inconvenient method than to risk that extensions end up as resource URIs (or to spend too much efforts to make it work). Maybe we can work for some time with the current implementations and choose another solution if we run into troubles. Best regards, Christoph
- Previous message: [OTDev] Smart Features duplication due to hasSource
- Next message: [OTDev] encoding accept header MIME types in URI
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Development mailing list