W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2007

Re: New issue: Need for an HTTP request method registry

From: Adrien de Croy <adrien@qbik.com>
Date: Wed, 08 Aug 2007 10:40:56 +1200
Message-ID: <46B8F4F8.3020906@qbik.com>
To: HTTP Working Group <ietf-http-wg@w3.org>

Julian Reschke wrote:
> In general, I think all methods should be allowed unless proven to be 
> a security problem.
I think there's a compelling argument to be made for denying all methods
unless proven (or at least strongly believed) to be safe.

Waiting for something to be proven unsafe isn't safe.  If I were MS, I
would definitely adopt the more cautious approach.

Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
Received on Tuesday, 7 August 2007 22:40:35 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:43 UTC