Re: URI serialization issues

>On Jan 17, 2006, at 11:34 AM, Mark Baker wrote:
>
>>
>>In the HTTP binding part of the protocol[1], the advice as to whether
>>or not a URI serialization for the query is suitable is given as;
>>
>>"The GET binding should be used except in cases where the URL-encoded
>>query exceeds practicable limits, in which case the POST binding
>>should be used."
>>
>>Due to the considerations in the "security" section about possible
>>denial-of-service attacks, combined with the assumed "do no harm"
>>(safety) aspect of GET, I think it's quite reasonable for a service
>>provider not to expose potentially expensive queries via URI+GET.
>>
>>I still like the idea of a SHOULD-level requirement for using URIs
>>though, so perhaps something like this could be said;
>>
>>"The GET binding SHOULD be used except in the following cases, in
>>which case the POST binding SHOULD be used;
>>
>>   o where the URL-encoded query exceeds practicable length limits
>>   o where the cost of processing the query may be prohibitive (see
>>Section 3.1, "Security")"
>
>We just voted to publish a new LC protocol document. But I favor this patch,

+1

Pat



-- 
---------------------------------------------------------------------
IHMC		(850)434 8903 or (650)494 3973   home
40 South Alcaniz St.	(850)202 4416   office
Pensacola			(850)202 4440   fax
FL 32502			(850)291 0667    cell
phayesAT-SIGNihmc.us       http://www.ihmc.us/users/phayes

Received on Tuesday, 17 January 2006 21:07:59 UTC