- From: Douglas Crockford <douglas@crockford.com>
- Date: Sat, 18 Mar 2006 16:01:38 -0800
> The mimetype you're defining, because it is new, pretty-much ensures > no existing service behind an intranet could be affected. > I could still envision one day developers setting-up JSON syndication > services behind an intranet, not quite grokking the fact that their > data is now accessible from outside of their intranet. Silly, i know > but ... It is a concern. The only solution to that that I can see is education. When choosing a technology for a service, whether SOAP or REST or JSONRequest or whatever, you need to understand the pros and cons. A con with JSONRequest is that if your are incompetent in determining your authentications, then data may leak. For that reason, some people might choose to not use JSONRequest, and I could support such a decision. But for people who want to use it (and that includes me), we must be prepared to design our systems correctly. I know this is a controversial position. http://www.JSON.org/JSONRequest.html
Received on Saturday, 18 March 2006 16:01:38 UTC