Re: GET and referer security considerations
Koen Holtman (koen@win.tue.nl)
Wed, 2 Jul 1997 19:46:39 +0200 (MET DST)
David W. Morris:
[...]
>
>The BCP suggestion is valid in any case, but from an HTTP perspective,
>there has never been a distinction between the piece of software known as
>the server and applications it may launch ... the composite is "the
>server".

Yes. When I wrote

  Web servers SHOULD NOT use GET based forms ...

I meant web servers as a composite. I did not mean to specify a
restriction which a poor httpd could never enforce by itself. The
following restatement would also work:

  Authors of services which use the HTTP protocol SHOULD NOT use .....

>Dave Morris
Koen.