[p2p-hackers] Re: [rest-discuss] Re: RESTful authorization
Lucas Gonze
lgonze at panix.com
Tue Sep 27 21:47:13 UTC 2005
coderman wrote:
>... some mechanism be used to ensure that access to
>resources can be constrained at a user level and audited at a user
>level.
>
>this is trivial to do if you ensure that no two users are given the
>same resource password; each use a distinct name to reference the same
>underlying resource.
>
In this context the URL is the password, so the publisher can just give
each distinct user a different URL. You can then revoke or expire
resources as the need comes up.

All these problems are amazingly trivial in the context of the kind of
heavy-duty tech that privacy systems usually require. Concealing the
HTTP referrer? What a great problem to have! There's nothing here that
can't be done with a single CGI script.
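
The per-user URL scheme discussed above, as an added example that is not part of the original post or of any project mentioned in it: each user gets a distinct unguessable URL for the same underlying resource, which can be revoked or expired individually and audited per user. The class name, the BASE prefix, the paths and the user names are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

BASE = "https://files.example.org/r/"   # assumed publisher URL prefix


class CapabilityStore:
    """Maps unguessable per-user URLs onto shared underlying resources."""

    def __init__(self, clock=time.time):
        self._grants = {}      # sha256(token) -> grant record
        self.audit = []        # (timestamp, user, resource, outcome)
        self._clock = clock

    @staticmethod
    def _key(token):
        # Store only a digest, so a leaked grant table does not leak live URLs.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, resource, ttl):
        token = secrets.token_urlsafe(32)   # 256 random bits: the URL is the password
        self._grants[self._key(token)] = {
            "user": user, "resource": resource,
            "expires": self._clock() + ttl, "revoked": False,
        }
        return BASE + token

    def revoke(self, user, resource):
        """Revoke one user's URL(s) for a resource; other users are unaffected."""
        hits = [g for g in self._grants.values()
                if g["user"] == user and g["resource"] == resource]
        for g in hits:
            g["revoked"] = True
        return len(hits)

    def resolve(self, url):
        """Return the resource for a valid URL, else None; every attempt is audited."""
        token = url[len(BASE):] if url.startswith(BASE) else ""
        grant = self._grants.get(self._key(token))
        user = grant["user"] if grant else None
        resource = grant["resource"] if grant else None
        if grant is None:
            outcome = "unknown"
        elif grant["revoked"]:
            outcome = "revoked"
        elif self._clock() >= grant["expires"]:
            outcome = "expired"
        else:
            outcome = "ok"
        self.audit.append((self._clock(), user, resource, outcome))
        return resource if outcome == "ok" else None
```

Because the URL itself is the credential, pages served from such URLs would normally also send `Referrer-Policy: no-referrer` so the token is not passed on to linked sites.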