On 19/01/07, Mark Baker <[EMAIL PROTECTED]> wrote: > > > > > > > On 1/19/07, Mark Baker <[EMAIL PROTECTED]> wrote: > > On 1/19/07, Gregg Wonderly <[EMAIL PROTECTED]> wrote: > > > It is an enabler of content > > > transfer, which in some case might be mobile code, but the fact that any > > > particular document type represents code is something that the client > > > determines, not REST. > > > > Actually, it's something the server (and therefore, message, and > > therefore the connector, and therefore REST) declares, e.g. > > oops, s/connector/data
I'd be a bit worried from a security perspective if it was the server that purely determined remote code execution, the client has to understand what the language it is being presented with means and what the context is for that language in its operation. Now the Java environment has that security baked in, which is nice. So the question is if REST is used for remote code execution what is the standard REST policy around non-execution of that remote code? >
