
RE: XMLHttpRequest for Last Call

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 27 Feb 2007 00:27:56 +0100
Message-ID: <45E36CFC.2080105@gmx.de>
To: Sunava Dutta <sunavad@windows.microsoft.com>
CC: public-webapi@w3.org

Sunava Dutta wrote:
> Hello Julian,
> We do currently support all WebDAV HTTP verbs from RFC2518.
> 
> 	PROPFIND
> 	PROPPATCH
> 	MKCOL
> 	GET
> 	HEAD
> 	POST
> 	DELETE
> 	PUT
> 	COPY
> 	MOVE
> 	LOCK
> 	UNLOCK
> 
> And also OPTIONS.
> 
> Details available here:
> http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/reference/objects/obj_xmlhttprequest.asp

It's nice to know that you (now) allow the methods that you implement 
in Microsoft products. But what about other methods specified in IETF 
RFCs (RFC3253, RFC3648, RFC3744, ...) -- not invented here, thus evil? 
They (still) do not work. What's the point in putting known methods into 
a white list? By definition, POST is the most insecure method because 
it can do *anything*, so why restrict anything at all if you allow POST?

Best regards, Julian
Received on Monday, 26 February 2007 23:28:07 GMT
