W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1997

Re: GET and referer security considerations

From: David W. Morris <dwm@xpasc.com>
Date: Tue, 1 Jul 1997 14:51:59 -0700 (PDT)
To: Scott Lawrence <lawrence@agranat.com>
Cc: http-wg@cuckoo.hpl.hp.com
Message-Id: <Pine.GSO.3.96.970701144932.12757B-100000@shell1.aimnet.com>


On Tue, 1 Jul 1997, Scott Lawrence wrote:

>   The world may need a Best Current Practices RFC to advise
>   application designers on how to avoid problems like the one Koen
>   cites, but no HTTP server can stop them, and the specification
>   should not be muddied with requirements which can neither be
>   implemented nor tested.

The BCP suggestion is valid in any case, but from an HTTP perspective,
there has never been a distinction between the piece of software known as
the server and applications it may launch ... the composite is "the
server".

Dave Morris
Received on Tuesday, 1 July 1997 14:59:13 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:45 EDT