W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1997

Re: GET and referer security considerations

From: Koen Holtman <koen@win.tue.nl>
Date: Wed, 2 Jul 1997 19:46:39 +0200 (MET DST)
Message-Id: <199707021746.TAA12780@wsooti08.win.tue.nl>
To: "David W. Morris" <dwm@xpasc.com>
Cc: lawrence@agranat.com, http-wg@cuckoo.hpl.hp.com
David W. Morris:
[...]
>
>The BCP suggestion is valid in any case, but from an HTTP perspective,
>there has never been a distinction between the piece of software known as
>the server and applications it may launch ... the composite is "the
>server".

Yes. When I wrote

  Web servers SHOULD NOT use GET based forms ...

I meant web servers as a composite.  I did not mean to specify a
restriction which a poor httpd could never enforce by itself.  The
following restatement would also work:

  Authors of services which use the HTTP protocol SHOULD NOT use .....

>Dave Morris

Koen.
Received on Wednesday, 2 July 1997 10:49:50 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:45 EDT