Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8)

   Which is why I wouldn't think it wise to enable an unsafe  
configuration by default or to encourage such a thing.  But this is  
ultimately the call of the server administrator, and if they wish to  
configure the server to allow plain text over the wire, it's up to  
them, not me.

	-wsv


On Oct 19, 2006, at 3:30 PM, Ingo Struck wrote:

> Keep in mind that "as a server author" you have
> to make best efforts to safeguard the needs of
> your clients and the users thereof -- if you offer
> something they use credulously without realizing
> the negative impacts of using it you could be held
> liable for that, at least your users could accuse you
> of wanton negligence...

Received on Thursday, 19 October 2006 22:31:09 UTC