Re: User confirmation and 307 redirects

From: Adam Barth <ietf@adambarth.com>
Date: Thu, 19 Aug 2010 14:10:48 -0700
Message-ID: <AANLkTi=Hj0dKo3aM_nHvZMwu_f-gvP_Mw3Ptu8=hTMRu@mail.gmail.com>
To: "Roy T. Fielding" <fielding@gbiv.com>
Cc: Julian Reschke <julian.reschke@gmx.de>, httpbis <ietf-http-wg@w3.org>, Maciej Stachowiak <mjs@apple.com>

On Thu, Aug 19, 2010 at 2:06 PM, Roy T. Fielding <fielding@gbiv.com> wrote:
> It isn't a feature.  It is a security constraint.  The fact that some
> browsers have security holes is well known.

It's completely ineffective as a security mechanism.  At best, all it
could do is result in blame-the-user security, which isn't security at
all.

Adam
Received on Thursday, 19 August 2010 21:11:45 GMT
