- From: Anne van Kesteren <annevk@opera.com>
- Date: Thu, 29 May 2008 10:41:19 +0200
- To: "Jonas Sicking" <jonas@sicking.cc>, "WAF WG (public)" <public-appformats@w3.org>
On Wed, 28 May 2008 03:10:16 +0200, Jonas Sicking <jonas@sicking.cc> wrote: > While it's true that servers need to be prepared for any type of HTTP > requests already, access-control makes it possible to do them using > other users peoples credentials. > > So while we don't need to worry about "bad things happen when this HTTP > request is sent", we do need to worry about "bad things can happen when > this HTTP request is sent by a user with root credentials". Yes, that's why we have Access Control in the first place. We had Allow at some point in the past and we decided it was not needed. Why do you suddenly think it is needed again? -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Thursday, 29 May 2008 08:41:28 UTC