- From: Jasper Bryant-Greene <jasper@album.co.nz>
- Date: Wed, 26 Oct 2005 18:59:48 +1300
On Tue, 2005-10-25 at 22:50 -0700, Mike Dierken wrote: > > S. Mike Dierken wrote: > > >> I'm not sure where this idea has come from that sending POSTs is > > >> inherently unsafe (which, by the way, no-one has offered a good > > >> explanation for yet). > > > > > > POST requests are unsafe because the intent is to modify the data > > > identified by the resource - data modification is tagged as > > being 'unsafe'. > > > > I think your confusing this with the fact that using GET > > requests for data modification is unsafe, and seem to be > > saying that POST is unsafe when used as intended!? > > > Yes - I'm trying to use the terms 'safe' and 'unsafe' to mean 'read-only' > and 'not read-only', respectively. > That's the usage of 'safe' and 'unsafe' with respect to HTTP that I'm > familiar with. > > For example, which (if any) of the following two FORMs is 'safe': > > <form method='GET' action='../cgi-bin/nifty.cgi'> > <input type='submit' value='go' /> > </form> > > <form method='POST' action='../cgi-bin/nifty.cgi'> > <input type='submit' value='go' /> > </form> > I don't see anything particularly unsafe about either of them, but I think I can see what you're getting at. Perhaps "without side-effects" or "idempotent" might be better descriptions than "safe"? The above two forms both look like they're doing exactly what they were intended to do, and therefore don't seem "unsafe" at all... -- Jasper Bryant-Greene General Manager Album Limited e: jasper at album.co.nz w: http://www.album.co.nz/ p: 0800 4 ALBUM (0800 425 286) or +64 21 232 3303 a: PO Box 579, Christchurch 8015, New Zealand
Received on Tuesday, 25 October 2005 22:59:48 UTC