Wednesday, September 9, 2009

BA Chapter 5

REST is very useful as a front-facing interface to a web service. By having only 4 commands, GET, PUT, POST, and DELETE, it allows for a simple mechanism for accessing data. It has a “pay no attention to the man behind the curtain” aspect: the requester should only care that they get a response to the query. And since the design is stateless, which means that all the info needed to handle the request is in the request itself, it is even more portable. It reminds me a lot of SQL statements. GET is a select, POST is an insert, PUT is an update, and DELETE is, well, delete. Even though there are more SQL statements, they all boil down to doing three things: creation, modification and deletion, which is all you can really do with data.

The author seems to think that they can rely on security features already in place to prevent data access by unauthorized parties. I don't really agree with that unless he implies that each request and reply is using SSL encryption. I do agree with him that a simple system will be easier to find and plug security holes in than a more complicated one. Then again, a complicated one might make it harder to exploit those holes to begin with.
