Webapp security: Different DB permissions for different requests
January 12th, 2008

When a GET hits your server, your RESTful webapp should not alter the database. Why not enforce this at the permissions level?

Read full entry »

I'm having difficulty deciding what is the best approach to returning from a POST request to one's web app. I'd like to deliver messages to the user about the results of the request, I want to avoid some nasty POST-related browser behavior, and proper bookmarking would be sweet, too. Unfortunately, it seems I can only have 2 out of the 3 with any given strategy.

Read full entry »