What are peoples thoughts on using REST not only as a web service, but also within the application itself as another layer of abstraction? I would assume in this way all the DB related calls would go through the REST layer, and this way they can be invoked as services or locally through the app. Is this too much overhead since the model itself is a layer?
What are the best ways to deal with this from a security aspect (such as making sure people dont call some DELETE action on senstive data)? Is this handled with authorization or some other such way? I wouldn't want an "authorized" user to delete content they aren't authorized to delete of course. What are some of the patterns people are using to implement this? Any other thoughts? Thanks! John
_______________________________________________ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
