W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1997

Re: GET and referer security considerations

From: Koen Holtman <koen@win.tue.nl>
Date: Wed, 2 Jul 1997 19:46:39 +0200 (MET DST)
Message-Id: <199707021746.TAA12780@wsooti08.win.tue.nl>
To: "David W. Morris" <dwm@xpasc.com>
Cc: lawrence@agranat.com, http-wg@cuckoo.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/3621
David W. Morris:
>The BCP suggestion is valid in any case, but from an HTTP perspective,
>there has never been a distinction between the piece of software known as
>the server and applications it may launch ... the composite is "the

Yes. When I wrote

  Web servers SHOULD NOT use GET based forms ...

I meant web servers as a composite.  I did not mean to specify a
restriction which a poor httpd could never enforce by itself.  The
following restatement would also work:

  Authors of services which use the HTTP protocol SHOULD NOT use .....

>Dave Morris

Received on Wednesday, 2 July 1997 10:49:50 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:20 UTC