Re: GET and referer security considerations

David W. Morris (dwm@xpasc.com)
Tue, 1 Jul 1997 14:51:59 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Roy T. Fielding: "Re: HTTP/1.1 & Proxies"
Previous message: Yaron Goland: "RE: HTTP/1.1 & Proxies"
In reply to: Scott Lawrence: "Re: GET and referer security considerations"
Next in thread: Koen Holtman: "Re: GET and referer security considerations"
Reply: Koen Holtman: "Re: GET and referer security considerations"

On Tue, 1 Jul 1997, Scott Lawrence wrote:

>   The world may need a Best Current Practices RFC to advise
>   application designers on how to avoid problems like the one Koen
>   cites, but no HTTP server can stop them, and the specification
>   should not be muddied with requirements which can neither be
>   implemented nor tested.

The BCP suggestion is valid in any case, but from an HTTP perspective,
there has never been a distinction between the piece of software known as
the server and applications it may launch ... the composite is "the
server".

Dave Morris

Next message: Roy T. Fielding: "Re: HTTP/1.1 & Proxies"
Previous message: Yaron Goland: "RE: HTTP/1.1 & Proxies"
In reply to: Scott Lawrence: "Re: GET and referer security considerations"
Next in thread: Koen Holtman: "Re: GET and referer security considerations"
Reply: Koen Holtman: "Re: GET and referer security considerations"