W3C home > Mailing lists > Public > www-tag@w3.org > March 2007

Re: State, when to use GET, and accountability

From: Jon Hanna <jon@hackcraft.net>
Date: Tue, 06 Mar 2007 12:14:53 +0000
Message-ID: <45ED5B3D.6040600@hackcraft.net>
To: www-tag@w3.org

noah_mendelsohn@us.ibm.com wrote:
> I'm not concerned so much with cases in which a cache is being used on 
> behalf of a single user of HTTP;  my real concern was about shared proxy 
> caches, which are quite common.  With those, you might request some 
> information using HTTP GET, and your access would be appropriately 
> recorded at the origin server.   My concern is with the case in which I 
> come along to request the same information, but a proxy cache somewhere in 
> the network satisfies the request without contacting the origin server. My 
> access is likely not recorded, except in the unusual special case that the 
> proxy and the origin server are cooperating on maintaining the audit 
> trail.

Is this really an issue.

Sure someone could fail to send must-revalidate headers, but they could 
also forget to make sure they logging application has write permissions 
where it should be logging and the logs aren't all silently failing.

Bugs happen, but the specs cover this concern already.
Received on Tuesday, 6 March 2007 12:16:23 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:32:51 UTC