- From: Ian Hickson <ian@hixie.ch>
- Date: Wed, 7 Jun 2006 23:41:39 +0000 (UTC)
- To: Mark Nottingham <mnot@yahoo-inc.com>
- Cc: "Web APIs WG (public)" <public-webapi@w3.org>
On Wed, 7 Jun 2006, Mark Nottingham wrote: > > Blindly standardising what one vendor does doesn't make sense; do you > know *why* they consider it a security feature? > > The reputed security problems with various HTTP methods have been > brought up many times, but I have yet to see an explanation of how they > actually cause a security issue greater than supporting POST does. Beyond curiosity, does it matter why? There's no point us publishing a spec that contradicts Microsoft's implementation if Microsoft's implementation is not going to change (which it isn't, if the reason for it being the way it is is Security). -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 7 June 2006 23:41:46 UTC