I agree, it would probably make more sense to just use a conventional http
server to interface with the browser clients on the front-end to act as a
pass-through to cassandra on the back-end. No sense re-implementing all that
functionality.

Still, to Clint's point, everyone knows how to make an HTTP request. If you
want a cassandra client running on, let's say, an iPhone for some reason, a
REST API is going to be a lot more straight forward to implement.


On Mon, Jun 28, 2010 at 1:53 PM, Paul Prescod <p...@prescod.net> wrote:

> On Mon, Jun 28, 2010 at 1:45 PM, Marty Greenia <martygree...@gmail.com>
> wrote:
> > Would it ever be useful to someday have browser clients access cassandra
> > servers directly? I imagine that would be the most compelling scenario to
> > have REST API for.
>
> This is an interesting idea, but introduces quite a few security
> complexities. Which keys will a particular browser client be allowed
> to overwrite? What prevents an end-user from deleting your database
> through AJAX calls?
>
> I think you'd need some form of ACL and access token system. That's a
> lot of complexity.
>
>  Paul Prescod
>

Reply via email to