Question

在大韩民国,我已经知道所有原因:<>on paper,为什么我应当not在发出更新服务器上某些物品状况的有益呼吁时,使用“HTTP GET”。因此,每次返回的数据可能有所不同。我知道这一点是错误的,原因有:

HTTP GET calls should be idempotent
N > 0 calls should always GET the same data back
Violates HTTP spec
HTTP GET call is typically read-only

And I am sure there are more reasons. But I need a concrete simple example for justification other than "Well, that violates the HTTP Spec!". ...or at least I am hoping for one. I have also already read the following which are more along the lines of the list above: Does it violate the RESTful when I write stuff to the server on a GET call? & HTTP POST with URL query parameters -- good idea or not?

For example, can someone justify the above and why it is wrong/bad practice/incorrect to use a HTTP GET say with the following RESTful call

"MyRESTService/GetCurrentRecords?UpdateRecordID=5&AddToTotalAmount=10"

I know it s wrong, but hopefully it will help provide an example to answer my original question. So the above would update recordID = 5 with AddToTotalAmount = 10 and then return the updated records. I know a POST should be used, but let s say I did use a GET.

? 除了上述子弹清单中的所有侵权行为之外,如何利用吉大港山区GET,使上述问题产生一些实际问题? 太多时候,我陷入了一种情景,即我可以用“这番话”来证明事情是正当的,但我需要就此提出理由和更好的理解。

Thanks!

Answer 1

您将面临问题的实际情况是,如果吉大港定居地保姆的实施失败,吉大港定居地港定居地往往被重新雇用。因此,在现实生活中,当服务器多次接收同样的全球教育培训时,你会遇到这种情况。如果您的更新是一成不变的(你是你),那么就不会有问题,但如果它不屈不.(例如给某个数额增加一些价值),那么你就可以获得多方面的(不受欢迎的)更新。

HTTP POST 从未被提过,因此你永远不会有这个问题。

Answer 2

如果某种形式的搜索引擎把你的网站推上机,那么可以无意地改变你的数据。

过去,谷歌桌面搜索曾导致人们失去数据,因为人们已经把业务作为GETs。

Answer 3

Here is an important reason that GETs should be idempotent and not be used for updating state on the server in regards to Cross Site Request Forgery Attacks. From the book: Professional ASP.NET MVC 3

Idempotent GETs
Big word, for sure — but it’s a simple concept. If an operation is idempotent, it can be executed multiple times without changing the result. In general, a good rule of thumb is that you can prevent a whole class of CSRF attacks by only changing things in your DB or on your site by using POST. This means Registration, Logout, Login, and so forth. At the very least, this limits the confused deputy attacks somewhat.

Answer 4

还有一个问题。如果使用GET方法,数据则在URL本身发出。在网络服务器的标识中,这一数据与请求途径一起在服务器中节省了一些地方。现在可以相信,如果有人能够查阅/读到这些记录档案,那么你的数据(便于使用、密码、关键词、标语等)就会发现。这是危险的,必须予以注意。

在服务器的标识档案中,头盔和机体没有标记,但申请途径是。因此,在寄送数据的体内,而不是在请求途径中,你的数据仍然是安全的。

Answer 5

i think that reading this resource: http://www.servicedesignpatterns.com/WebServiceAPIStyles could be helpful to you to make difference between message API and resource api ?

友情链接