- From: Graham Parks <GRAHAM@UTSIRE.COM>
- Date: Sat, 31 Mar 2007 13:36:35 +0000
- To: www-talk@w3.org
Hi,

As specced in RFC2616, the 301 response code allows the server* to arbitrarily and permanently change the configuration of a user agent. Thus anything from a temporary misconfiguration of the server to a deliberate attack can cause a bookmark or automated client to never work again (unless the user has backups).

I'm shocked there's no verbiage in the spec pointing out this pitfall. Am I missing something?

(* or rather the currently connected network, since there's no guarantee you're speaking to the original server)

Graham
Received on Sunday, 1 April 2007 16:17:26 UTC
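
The pitfall raised in the message above, modelled as an added example that is not part of the original post: a client that rewrites a stored bookmark on the first 301, next to one that keeps the saved URL and commits a redirect only after seeing it repeatedly. The host names, the Bookmark class and the "confirm" threshold are assumptions made for this illustration and do not come from RFC 2616.

```python
# Added illustration; hosts, Bookmark and the "confirm" policy are constructed
# for this example and are not taken from RFC 2616 or from the message.
from dataclasses import dataclass

ORIGINAL = "http://site.example/feed"        # constructed bookmark URL
BAD_TARGET = "http://elsewhere.example/"     # constructed bogus redirect target

@dataclass
class Bookmark:
    original: str        # URL the user saved; never overwritten
    current: str         # URL the client will actually request
    pending: str = ""    # 301 target seen but not yet committed
    seen: int = 0        # consecutive visits that returned the same 301

def visit(bm, fetch, confirm=1):
    """Request bm.current once and apply 301 handling.

    confirm=1 rewrites the bookmark on the first 301 (the behaviour the
    message worries about). confirm>1 is a hypothetical guard: commit only
    after the saved URL returned the same 301 on that many visits in a row.
    """
    status, location = fetch(bm.current)
    if status == 301 and bm.current == bm.original:
        bm.seen = bm.seen + 1 if location == bm.pending else 1
        bm.pending = location
        if bm.seen >= confirm:
            bm.current = location            # permanent change of client state
        status, _ = fetch(location)          # still follow it for this request
    elif bm.current == bm.original:
        bm.pending, bm.seen = "", 0          # a normal answer clears the candidate
    return status

def simulate(confirm):
    """Constructed scenario: a single bad 301 on visit 2, then the server recovers."""
    clock = {"visit": 0}

    def fetch(url):
        if url == ORIGINAL:
            if clock["visit"] == 2:          # transient misconfiguration or hostile network
                return 301, BAD_TARGET
            return 200, ""
        return 404, ""                       # nothing useful at the redirect target

    bm = Bookmark(ORIGINAL, ORIGINAL)
    results = []
    for n in (1, 2, 3, 4):
        clock["visit"] = n
        results.append(visit(bm, fetch, confirm))
    return results, bm.current
```

With confirm=1 every visit after the bad response fails even though the real server is healthy again; with confirm=3 only the one affected visit fails and the saved URL is untouched.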