douglas at crockford.com
Sat Mar 18 16:01:38 PST 2006
> The mimetype you're defining, because it is new, pretty-much ensures
> no existing service behind an intranet could be affected.
> I could still envision one day developers setting-up JSON syndication
> services behind an intranet, not quite grokking the fact that their
> data is now accessible from outside of their intranet. Silly, i know
> but ...
It is a concern. The only solution to that that I can see is education. When
choosing a technology for a service, whether SOAP or REST or JSONRequest or
whatever, you need to understand the pros and cons. A con with JSONRequest is
that if your are incompetent in determining your authentications, then data may
leak. For that reason, some people might choose to not use JSONRequest, and I
could support such a decision. But for people who want to use it (and that
includes me), we must be prepared to design our systems correctly. I know this
is a controversial position.
More information about the whatwg