W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2008

TRACK, was: LC comments.

From: Julian Reschke <julian.reschke@gmx.de>
Date: Fri, 13 Jun 2008 16:49:58 +0200
Message-ID: <48528916.9030003@gmx.de>
To: Anne van Kesteren <annevk@opera.com>
CC: Yves Lafon <ylafon@w3.org>, public-webapps@w3.org

Anne van Kesteren wrote:
>> Well, magic is quite scary, I'd rather have a statement explaining 
>> roughly what TRACK is about (something non standard, not well 
>> documented, and quite similar in functionnality to TRACE).
> 
> The specification says "Note: TRACK poses a security issue to legacy 
> server deployments." What is not good about that?

TRACK is specific to a legacy version of IIS, and not documented 
anywhere (right?).

So, I think the proper way to deal with this is either to be silent, or 
to add this as an implementor's note in an appendix.

Requiring implementors to put in workarounds for something that is 
neither documented nor shipping in current server versions is really 
hard to accept.

BR, Julian
Received on Friday, 13 June 2008 14:50:44 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:25 GMT