Search the web
Sign In
New User? Sign Up
rest-explore
  • Members Only
  • Post
  • Photos
  • Members
  • Promote
  • Groups Labs (Beta)
? Already a member? Sign in to Yahoo!

Yahoo! Groups Tips

Did you know...
Want to share photos of your group with the world? Add a group photo to Flickr.

Best of Y! Groups

   Check them out and nominate your group.
Having problems with message search? Fill out this form to ensure your group is one of the first to be migrated to the new message search system.

Messages

   Messages Help
Message #
Search:
Advanced
feedback   Message List  
Reply | Forward Message #424 of 445 |
Re: Misunderstanding of security aphorisms (Was: Re: [rest-explore] feedback)


> However, if the attacker has the ability to eavesdrop, then for
> either mechanism, he can just wait until the server sends the
> resource representation, and read it directly off the wire.
> There's no need to get either the secret URL or the user/password.

Hah, that's very true! :)

> I suggest you develop several use-cases for RNA and then decide
> what types of attackers you wish to defend against. Otherwise, you
> are just wasting your time.

Good advice, that sounds like a more robust way to evaluate the security
of the specification.

Michael Day

--
YesLogic Prince prints XML!
http://yeslogic.com/prince
Wed May 7, 2003 11:20 am

Show Message Option
mikeday@...
Send Email Send Email

Forward 		Message #424 of 445 |
Expand Messages Author Sort by Date

... Thank you. ... I do have some ideas. I hope you will give them due hearing and not jump to premature and uninformed decisions. ... Well, the first step is...
Tyler Close
tjclose
Offline Send Email 		May 2, 2003
2:30 pm

... Hah, that's very true! :) ... Good advice, that sounds like a more robust way to evaluate the security of the specification. Michael Day -- YesLogic Prince...
Michael Day
mikeday@...
Send Email 		May 7, 2003
9:58 am

... Thanks, I had never heard the word "nonce" used outside of Shakespeare :) In that case, replace what I said about "security through obscurity" with ...
Michael Day
mikeday@...
Send Email 		May 2, 2003
4:58 am

From: "Michael Day" <mikeday@...> ... Good list! To me, RNA currently provides the infrastructure for the first four, but only because this is...
Seairth Jacobs
seairthjacobs
Offline Send Email 		May 1, 2003
2:07 pm

From: "Chuck Hinson" <cmhinson@...> ... Not entirely, I think. If you were sending a notification to multiple recipients, for instance, you would have to...
Seairth Jacobs
seairthjacobs
Offline Send Email 		May 1, 2003
2:19 pm
 First  |  |  Next > Last 
< Prev Topic  |  Next Topic >
Message #
Search:
Advanced
Copyright © 2009 Yahoo! Inc. All rights reserved.
Privacy Policy - Terms of Service - Guidelines - Help