I have no issues enforcing security in a RESTful app by using the HTTP protocol property. By logic SOAP is as flawed.
Use RBAC, and the ETag to determine when something can happen, then enforce the authentication before the operation is executed. On Jan 30, 6:46 pm, cancel bubble <[email protected]> wrote: > "My thesis is that the security situation with JavaScript is so poor that > the only solution is to kill it. End users have very little in the way of > protection against malicious JavaScript, major web sites suffer from XSS and > CSRF flaws, the language itself allows appalling security holes, and as data > moves to the cloud the 14 year old JavaScript security sandbox becomes more > and more irrelevant." > > Thoughts? -- To view archived discussions from the original JSMentors Mailman list: http://www.mail-archive.com/[email protected]/ To search via a non-Google archive, visit here: http://www.mail-archive.com/[email protected]/ To unsubscribe from this group, send email to [email protected]
