- From: Anne van Kesteren <annevk@opera.com>
- Date: Mon, 04 Feb 2008 13:41:50 +0100
- To: "WAF WG (public)" <public-appformats@w3.org>
On Wed, 30 Jan 2008 22:40:13 +0100, Thomas Roessler <tlr@w3.org> wrote: > Here's a suggestion: > > The solution should not introduce additional attack vectors > against services that are protected only by way of firewalls. This > requirement ddresses "intranet" style services authorize any > requests that can be sent to the service. > > Note that this requirement does not preclude HEAD, OPTIONS, or GET > requests (even with ambient authentication and session > information). > > I would suggest to refrain from any further discussion of what is or > is not possible. Fixed thanks. (Though please check.) -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Monday, 4 February 2008 12:38:19 UTC