>On Jan 17, 2006, at 11:34 AM, Mark Baker wrote: > >> >>In the HTTP binding part of the protocol[1], the advice as to whether >>or not a URI serialization for the query is suitable is given as; >> >>"The GET binding should be used except in cases where the URL-encoded >>query exceeds practicable limits, in which case the POST binding >>should be used." >> >>Due to the considerations in the "security" section about possible >>denial-of-service attacks, combined with the assumed "do no harm" >>(safety) aspect of GET, I think it's quite reasonable for a service >>provider not to expose potentially expensive queries via URI+GET. >> >>I still like the idea of a SHOULD-level requirement for using URIs >>though, so perhaps something like this could be said; >> >>"The GET binding SHOULD be used except in the following cases, in >>which case the POST binding SHOULD be used; >> >> o where the URL-encoded query exceeds practicable length limits >> o where the cost of processing the query may be prohibitive (see >>Section 3.1, "Security")" > >We just voted to publish a new LC protocol document. But I favor this patch, +1 Pat -- --------------------------------------------------------------------- IHMC (850)434 8903 or (650)494 3973 home 40 South Alcaniz St. (850)202 4416 office Pensacola (850)202 4440 fax FL 32502 (850)291 0667 cell phayesAT-SIGNihmc.us http://www.ihmc.us/users/phayesReceived on Tuesday, 17 January 2006 21:07:59 GMT
This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 16:15:25 GMT