On Sun, Jan 03, 2010 at 11:40:32AM -0800, Chris Anderson wrote:
> I'd avoid thinking that hiding Futon provides security. Ideally users
> would be able to get into the data via Futon if they choose. If you
> structure your validation functions properly, this should be
> completely secure (more secure than an http-proxy based authorization
> model).

This strikes me as an odd and interesting proposition (read: the good kind). I can think of plenty of cases where I don't want users to see all the data that I have related to them: e.g., hashed/crypted passwords, analytics, various types of scores/weights, my profit margin on their purchases, etc. Allowing users to inspect documents about themselves through Futon would allow them to see all those goodies.

Also, I have always been of the mind that even if something doesn't inherently cause a security flaw, you shouldn't give it to your users if you don't need to (users are too good at breaking things in ways that you don't expect, especially the malicious ones). Not that I'm not a fan of open APIs (actually, I'm a huge fan), but even those enforce validation/rules.

Or were you discussing a specific use case?

Cheers,

--
Sam Bisbee
