Re: GET and referer security considerations
Siew Sim (siew.sim@starquest.com)
Wed, 02 Jul 1997 11:17:26 -0700
>Yes. When I wrote
>
> Web servers SHOULD NOT use GET based forms ...
>
>I meant web servers as a composite. I did not mean to specify a
>restriction which a poor httpd could never enforce by itself. The
>following restatement would also work:
>
> Authors of services which use the HTTP protocol SHOULD NOT use .....
>
>
>Koen.
>
Am I right that most if not all servers that support some kind of
server-side scripting language use GET based forms?

Also, the difference between GET and POST is where the argument list
is placed within the protocol. Can't there be a restriction on the
referer header to exclude the argument list? Besides, I think it
might be helpful if an entity can specify in its response header if
it does not like to be disclosed as a referer.

Siew
Siew Sim
StarQuest Connectivity Software
(510)704-2566
2150 Shattuck Ave. Suite 600
Berkeley, CA 94704
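
Added example, not part of the original message: a sketch of the two restrictions proposed above, showing what a third-party server would see in the Referer header after a GET form submission. The policy names (`full`, `strip-args`, `suppress`), the function names and the sample URL are assumptions made for illustration.

```javascript
// Constructed sample: the URL of a page produced by a GET based form.
// The form arguments are part of the URL, so they travel in Referer.
const SAMPLE_PAGE =
  "http://user:pw@shop.example/search?card=4111&name=alice#results";

// Compute the Referer value a client would send when following a link
// from documentUrl. Policies (hypothetical names):
//   "full"       - whole URL including the argument list
//   "strip-args" - first proposal: exclude the argument list
//   "suppress"   - second proposal: the entity asked not to be disclosed
// Returns null when no Referer header should be sent.
function refererFor(documentUrl, policy) {
  if (policy === "suppress") return null;
  if (policy !== "full" && policy !== "strip-args") {
    throw new Error("unknown policy: " + policy);
  }
  const u = new URL(documentUrl);
  // Only http(s) documents are meaningful as a referer here.
  if (u.protocol !== "http:" && u.protocol !== "https:") return null;
  // Userinfo and fragment never belong in a Referer value.
  u.username = "";
  u.password = "";
  u.hash = "";
  if (policy === "strip-args") u.search = "";
  return u.href;
}

// Defender's view: names of the form arguments exposed to whoever
// receives this Referer value (for example in their access log).
function leakedArgs(referer) {
  if (referer === null) return [];
  return [...new URL(referer).searchParams.keys()];
}

for (const policy of ["full", "strip-args", "suppress"]) {
  const r = refererFor(SAMPLE_PAGE, policy);
  console.log(policy.padEnd(10), "->", r, "| leaked:", leakedArgs(r));
}
```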