Article:		Second Generation Web Services
Subject:		"Hiding" URIs
Date:		2002-02-10 09:12:15
From:		Marcus Groeber
There is only sentence I would like to pick a nit with in this otherwise very insightful article: <<< It is easy to hide objects by merely never publishing their URIs. >>> Many people had to learn the hard way that this is *not* a good way for hiding objects, after their "secret" internal web page suddenly appeared in a Referer header on some other site they link to, then found its way into a publicly available logfile and eventually ended up being crawled by every search engine possible... This does not not invalidate the basic idea that all the security infrastructure developed for HTTP can be easily adopted for web services - but the problem doesn't simply go away all by itself...

Previous Message

Next Message