- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 27 Feb 2007 00:27:56 +0100
- To: Sunava Dutta <sunavad@windows.microsoft.com>
- CC: public-webapi@w3.org

Sunava Dutta wrote:
> Hello Julian,
> We do currently support all WebDAV HTTP verbs from RFC2518.
>
> PROPFIND
> PROPPATCH
> MKCOL
> GET
> HEAD
> POST
> DELETE
> PUT
> COPY
> MOVE
> LOCK
> UNLOCK
>
> And also OPTIONS.
>
> Details available here:
> http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml
> /reference/objects/obj_xmlhttprequest.asp

It's nice to know that you (now) allow the methods that you implement in Microsoft products.

But what about other methods specified in IETF RFCs (RFC3253, RFC3648, RFC3744, ...) -- not invented here, thus evil? They (still) do not work.

What's the point in putting known methods into a white list? By definition, POST is the most insecure method because it can do *anything*, so why restrict anything at all if you allow POST?

Best regards, Julian

Received on Monday, 26 February 2007 23:28:07 UTC