- From: Ari Luotonen <luotonen@netscape.com>
- Date: Thu, 14 Sep 1995 15:50:13 -0700 (PDT)
- To: Shel Kaphan <sjk@amazon.com>
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
> > > 2. Proxies should be allowed to forward requests for methods that they > > > do not understand, instead of being required to return 501. > > conditionally or uncondititonally? > > I'd prefer if they MUST forward requests, with certain constraints > (e.g. when no protocol translation is required), but that might not be > backward compatible enough. Absolutely not. New methods can open up new security leaks from inside of firewall, and the default should always be to deny access to something that the firewall proxy doesn't understand. Cheers, -- Ari Luotonen ari@netscape.com Netscape Communications Corp. http://home.netscape.com/people/ari/ 501 East Middlefield Road Mountain View, CA 94043, USA Netscape Server Development Team
Received on Thursday, 14 September 1995 15:52:47 UTC