
Re: Non editable member?




On 1/31/07, Sylvain Hellegouarch <sh@xxxxxxxxxx> wrote:

While testing my online APP server, Brendan Taylor told me that my
server was not ensuring the rel="edit" link would exist throughout the
life of the member. This was a bug that I fixed. However that made me
wonder if we could use that behavior to make a member non editable.

That seems like 'security through obscurity'. I would drop the
rel="edit" and also return a 405 Method Not Allowed on
entries with respect to PUT and DELETE.

  -joe

the only problem I see with that solution is that it also means the member
is not really one anymore and becomes a plain Atom entry.

Thoughts?

- Sylvain




--
Joe Gregorio        http://bitworking.org
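
The approach suggested in the reply above, as an added example that is not part of the original thread: a small WSGI handler that omits the rel="edit" link for a read-only member and also answers PUT and DELETE on it with 405 Method Not Allowed and an Allow header. The store, the URIs and the `request` helper are assumptions made for illustration.

```python
import io
from wsgiref.util import setup_testing_defaults
from xml.sax.saxutils import escape, quoteattr

BASE = "http://example.org/col/"  # assumed collection URI
# Constructed sample store: member id -> [title, editable flag]
MEMBERS = {"1": ["Draft post", True], "2": ["Archived post", False]}

def allowed_methods(editable):
    return ["GET", "HEAD", "PUT", "DELETE"] if editable else ["GET", "HEAD"]

def render_entry(member_id, title, editable):
    # Advertise rel="edit" only when the member can actually be edited.
    link = "<link rel=\"edit\" href=%s/>" % quoteattr(BASE + member_id) if editable else ""
    return ('<entry xmlns="http://www.w3.org/2005/Atom"><id>%s</id><title>%s</title>%s</entry>'
            % (escape(BASE + member_id), escape(title), link)).encode("utf-8")

def app(environ, start_response):
    member_id = environ["PATH_INFO"].rsplit("/", 1)[-1]
    method = environ["REQUEST_METHOD"]
    if member_id not in MEMBERS:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"no such member"]
    title, editable = MEMBERS[member_id]
    allow = allowed_methods(editable)
    if method not in allow:
        # Enforced on the server whether or not the client ever saw an edit link.
        start_response("405 Method Not Allowed",
                       [("Allow", ", ".join(allow)), ("Content-Type", "text/plain")])
        return [b"method not allowed"]
    if method == "DELETE":
        del MEMBERS[member_id]
        start_response("204 No Content", [])
        return []
    if method == "PUT":
        # Simplification: the request body is taken as the new title.
        size = int(environ.get("CONTENT_LENGTH") or 0)
        title = environ["wsgi.input"].read(size).decode("utf-8")
        MEMBERS[member_id][0] = title
    start_response("200 OK", [("Content-Type", "application/atom+xml;type=entry")])
    return [] if method == "HEAD" else [render_entry(member_id, title, editable)]

def request(method, path, body=b""):
    """Drive the app in-process; returns (status, headers, body)."""
    env = {"REQUEST_METHOD": method, "PATH_INFO": path,
           "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    setup_testing_defaults(env)
    seen = {}
    chunks = app(env, lambda status, headers: seen.update(status=status, headers=dict(headers)))
    return seen["status"], seen["headers"], b"".join(chunks)
```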