Side effects from Luigi Rizzo on 1996-01-05 (http-caching-historical@w3.org from January 1996)

From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
Date: Fri, 5 Jan 1996 15:13:36 +0100 (MET)
To: http-caching@pa.dec.com
Cc: luigi@labinfo.iet.unipi.it (Luigi Rizzo)
Message-Id: <199601051413.PAA26967@labinfo.iet.unipi.it>

Maybe this has already been said, in which case I have lost it,
but I think the discussion on side effects is only of interest from
the point of view of the correctness of caching.

When you establish a connection with a party, there is no way you
cannot tell what the other party does with the data you supply.
Actually, each request has many side effects, implemented by most
clients, servers and caches, such as log the request, update
counters, cache data, possibly charge you for the service, etc.
Some of them have no effect on the document, some have.

Thus:

> Jeffrey Mogul writes:
> 	...
>  > 
>  > My vote is for "no GET/HEAD side effects except for retrieval charges."
>  > 
>  > -Jeff

We should not even care about this.
Well, maybe we should, it's a "cash" problem after all :) 

Somebody else (Shel ?) said:
> 
> I generally agree with what you said, but let me point out two things:
> 
> Thing 1. since forms can be submitted through the use of GET, it is
> hard to legislate the no-side-effects rule.  I believe it is for this
> reason that as a heuristic, caches typically do not cache the output
> of GETs on URLs with '?' in them.  Note that with the scheme I

The point is, if a server does not explicitly say that a document
can be cached or not, we can only infer its properties from other information,
and we can fail.

If we specify (in the standard) that a given method should not have
side effect, we are just specifying the default behaviour of our
cache.

The same reasoning applies to security issues: if we have sensitive
data, we better not send them out in an insecure way, or be prepared
to any misuse (it is of little interest if this is done the cache, or
by the end user).  As a matter of fact, the use of POST
instead of GET for this purpose just gives a sense of false
confidence.

	Luigi
====================================================================
Luigi Rizzo                     Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it       Universita' di Pisa
tel: +39-50-568533              via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522              http://www.iet.unipi.it/~luigi/
====================================================================

Received on Friday, 5 January 1996 14:41:52 UTC