Re: Security Concerns section added to Query_by_reference

On Thursday 16 April 2009 15:04:15 Steve Harris wrote:
> Well, that was just an example. It doesn't alter the concern that  
> letting external services trigger GET requests from inside a firewall  
> is a bad idea in general.

That's true, but it was a bad example. :-) The main concern, I think, is that 
it makes it harder to configure the infrastructure to distinguish an 
unprivileged external user and a privileged internal user.

We could make it an optional feature, where the server may send a 403 if it 
doesn't support it.

Then the server admin may decide if they want to accept the risks.

Kind regards 

Kjetil Kjernsmo
Senior Knowledge Engineer
Mobile: +47 986 48 234


Computas AS  PO Box 482, N-1327 Lysaker | Phone:+47 6783 1000 | Fax:+47 6783 

Received on Thursday, 16 April 2009 14:32:49 UTC
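A sketch of the opt-in behaviour proposed in this message, as an added example that is not part of the original e-mail or of any SPARQL implementation: the server answers 403 unless the administrator has enabled query by reference. The function name, the `enabled` switch, the injected resolver and the sample DNS data are assumptions; the address check goes beyond the proposal and covers the quoted concern about GET requests issued from inside a firewall.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample DNS data so the example runs offline (not real lookups).
SAMPLE_DNS = {
    "queries.example.org": ["93.184.216.34"],
    "intranet.example.org": ["10.0.0.5"],
    "mixed.example.org": ["93.184.216.34", "127.0.0.1"],
}

def sample_resolve(host):
    """Hypothetical resolver: hostname -> list of IP address strings."""
    return SAMPLE_DNS.get(host, [])

def decide_query_by_reference(query_uri, enabled, resolve=sample_resolve):
    """Return (status, reason) for a request asking the server to GET its query text.

    enabled -- administrator opt-in; when False the server always answers 403.
    resolve -- callable mapping a hostname to its addresses (assumption).
    """
    if not enabled:
        return 403, "query by reference is not enabled on this server"
    parts = urlsplit(query_uri)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        return 403, "only http(s) query URIs are accepted"
    try:
        # An IP literal in the URI is checked directly, without resolution.
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    if not addrs:
        return 403, "host did not resolve"
    # Refuse if any address is loopback, private, link-local or otherwise
    # non-public: such a GET would originate from inside the firewall.
    blocked = [str(ip) for ip in addrs if not ip.is_global]
    if blocked:
        return 403, "refusing non-public address " + blocked[0]
    return 200, "fetch permitted"
```

A real fetcher must connect to the address that was checked and apply the same check to every redirect target, otherwise the decision can be bypassed after it is made.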