
Re: XHR security risks

From: Mark Nottingham <mnot@yahoo-inc.com>
Date: Thu, 8 Jun 2006 09:25:32 -0700
Message-Id: <1C67BECE-E0D0-4AF0-A3A2-BEF7A3539B0C@yahoo-inc.com>
Cc: "Julian Reschke" <julian.reschke@gmx.de>, "Public Web API" <public-webapi@w3.org>
To: Charles McCathieNevile <chaals@opera.com>


On 2006/06/08, at 6:41 AM, Charles McCathieNevile wrote:

> There is a convention that you don't use GET for things with side  
> effects, but there is nothing that enforces that convention.

Caching proxies
Search engines and other automated processes
Google Web accelerator

I think it's very effectively enforced, by the Web itself. Remember,  
2616 doesn't say that there can't be side effects, just that the  
server has to be able to live with them without blaming the user...

--
Mark Nottingham
mnot@yahoo-inc.com
Received on Thursday, 8 June 2006 16:27:33 GMT
