Webapp security: Different DB permissions for different requests

January 12th, 2008

When a GET hits your server, your RESTful webapp should not alter the database. Why not enforce this at the permissions level?


Proper implementation of friend groups: Request for input

December 17th, 2007

In my quest to bring the features of LiveJournal (and other proprietary social networks) to the open, public internet, I'm stuck on how to properly implement friend groups. Friend groups determine which users are allowed to see your more sensitive blog entries. I've pulled together a description of several alternative models, and I'd like some input.
