- From: David Orchard <dorchard@bea.com>
- Date: Thu, 2 Jan 2003 11:25:54 -0800
- To: "'Mark Baker'" <distobj@acm.org>
- Cc: <www-ws-arch@w3.org>
> -----Original Message----- > From: Mark Baker [mailto:distobj@acm.org] > Sent: Thursday, January 02, 2003 11:13 AM > To: David Orchard > Cc: www-ws-arch@w3.org > Subject: Re: Issue 5; GET vs GetLastTradePrice > > > 3. The web security model is pretty badly broken in some > areas. The very > > fact that a server can't time-out an HTTP log-in, > > Erm, yes it can. A server can send a 401 any time it feels like it, > for any reason. > So you think authentication and time-outs on the Web are just fine and working as designed? Cheers, Dave
Received on Thursday, 2 January 2003 14:29:29 UTC