On Thursday 16 April 2009 15:04:15 Steve Harris wrote:
> Well, that was just an example. It doesn't alter the concern that
> letting external services trigger GET requests from inside a firewall
> is a bad idea in general.

That's true, but it was a bad example. :-)

The main concern, I think, is that it makes it harder to configure the infrastructure to distinguish an unprivileged external user and a privileged internal user.

We could make it an optional feature, where the server may send a 403 if it doesn't support it. Then the server admin may decide if they want to accept the risks.

Kind regards

Kjetil Kjernsmo
--
Senior Knowledge Engineer
Mobile: +47 986 48 234
Email: kjetil.kjernsmo@computas.com
Web: http://www.computas.com/

| SHARE YOUR KNOWLEDGE |
Computas AS PO Box 482, N-1327 Lysaker | Phone:+47 6783 1000 | Fax:+47 6783 1001

Received on Thursday, 16 April 2009 14:32:49 UTC