Le 18 août 2013 06:00, "Alexandr Kurilin" <a...@kurilin.net> a écrit : > > My thought process was that at this point I have a pure API that either gets the right inputs or it simply does nothing. As in, no helping messages about what went wrong, no attempt to do recovery. Some claim that for security purposes errors encountered by the API should be as opaque as possible to leak few internal details, so that's vaguely the direction I'm going in at this point, even though you lose on the development front. > About the security, the only point when your API is opaque about errors concerns the login step. Except that, your API should be auto-documented and provide all information about errors. Else, the users won't like use your API if they can't debug their code.
-- -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.