RE: whenToUseGet-7 counter-proposal from Mike Dierken on 2002-04-24 (www-tag@w3.org from April 2002)

From: Mike Dierken <mike@dataconcert.com>
Date: Wed, 24 Apr 2002 12:06:59 -0700
To: www-tag@w3.org
Message-ID: <2AE31649CF989F4FB354F6D95EB0CE6E5CEC3C@xmlfmail.xmlfund.com>

XML-Protocol has messages with explicit 'mustUnderstand' flags. HTTP has
messages with implied 'mustUnderstand' semantics.
In both cases, you can't technologically guarantee that the implementation
that processes the message will actually observe the 'mustUnderstand'
intent. And in both cases, the sender will expect to be held non-liable for
any damages from intentionally or unintentionally incorrect receiver
implementations. 
Pleading "but I don't want to read the spec" won't help.

I've built HTTP systems that violently abused GET in order to provide a more
friendly user experience - luckily we had security and spiders didn't damage
the information. But I acknowledged that this abuse was intentional and I
accepted responsibility for potentially faulty server implementations that
may have accidentally allowed data to be deleted.

I don't see a problem with the application known as WWW specifying a
contractual obligation that 'GET should be safe'. 

Mike

> -----Original Message-----
> From: Joshua Allen [mailto:joshuaa@microsoft.com] 
> Sent: Tuesday, April 23, 2002 10:38 PM
> To: Paul Prescod
> Cc: LMM@acm.org; www-tag@w3.org
> Subject: RE: whenToUseGet-7 counter-proposal
> 
> 
> > The whole point of mandating GET be safe is to allow 
> systems to rely 
> > upon that knowledge. Search engines would not exist were it not for
> the
> 
> reco-Mendating GET to be safe is a great goal.  But if you 
> are advising people to *trust* that any GET is safe, then I 
> suggest that you clarify the scope of that guarantee.  I like 
> my original wording better, but I would also accept:
> 
> "The above recommendation is being made because non-safe use 
> of GET is a widespread problem.  This recommendation has no 
> way of stopping people from using GET in an unsafe manner, 
> but is intended to educate. Therefore, you should NOT trust 
> URLs (and particularly those with
> querystrings) that were deployed before this recommendation 
> became effective, and you MAY trust URLs that are deployed 
> after, to the degree that you expect the whole world to drop 
> what they are doing and start following this guideline."
>

Received on Wednesday, 24 April 2002 15:08:10 UTC