W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2007

Re: New issue: Need for an HTTP request method registry

From: Adrien de Croy <adrien@qbik.com>
Date: Wed, 08 Aug 2007 10:40:56 +1200
Message-ID: <46B8F4F8.3020906@qbik.com>
To: HTTP Working Group <ietf-http-wg@w3.org>



Julian Reschke wrote:
>
> In general, I think all methods should be allowed unless proven to be 
> a security problem.
>
I think there's a compelling argument to be made for denying all methods
unless proven (or at least strongly believed) to be safe.

Waiting for something to be proven unsafe isn't safe.  If I were MS, I
would definitely adopt the more cautious approach.

-- 
Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
Received on Tuesday, 7 August 2007 22:40:35 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:15 GMT