W3C home > Mailing lists > Public > www-ws-arch@w3.org > January 2003

RE: Issue 5; GET vs GetLastTradePrice

From: David Orchard <dorchard@bea.com>
Date: Thu, 2 Jan 2003 11:25:54 -0800
To: "'Mark Baker'" <distobj@acm.org>
Cc: <www-ws-arch@w3.org>
Message-ID: <009001c2b294$c56771b0$9d0ba8c0@beasys.com>



> -----Original Message-----
> From: Mark Baker [mailto:distobj@acm.org]
> Sent: Thursday, January 02, 2003 11:13 AM
> To: David Orchard
> Cc: www-ws-arch@w3.org
> Subject: Re: Issue 5; GET vs GetLastTradePrice
>
> > 3. The web security model is pretty badly broken in some
> areas.  The very
> > fact that a server can't time-out an HTTP log-in,
>
> Erm, yes it can.  A server can send a 401 any time it feels like it,
> for any reason.
>

So you think authentication and time-outs on the Web are just fine and
working as designed?

Cheers,
Dave
Received on Thursday, 2 January 2003 14:29:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:25:12 GMT