2 items tagged “royfielding”
2009
CSRF is not a security issue for the Web. A well-designed Web service should be capable of receiving requests directed by any host, by design, with appropriate authentication where needed. If browsers create a security issue because they allow scripts to automatically direct requests with stored security credentials onto third-party sites, without any user intervention/configuration, then the obvious fix is within the browser.
2008
Explaining REST to Damien Katz. I didn’t know that it was Mark Baker back in 2002 who first pointed out that SOAP was flawed because it ignored the architecture of the Web as defined by Roy Fielding’s Ph.D thesis.