[wp-hackers] Any other way to do it? (or, do we really need Nonces?)

Elliotte Harold elharo at metalab.unc.edu
Sat Mar 3 16:16:50 GMT 2007

Robert Deaton wrote:

> The only issue of this sort that has occurred in recent history is the
> short period of time that GWA prefetched links like this, however, the
> decision was reversed due to thousands of other pieces of software
> having issues with these links being prefetched.

That's the most famous example. It's hardly the only one. For example 
see this:


Or consider any personal spider like wget.

There are many other cases. Web clients are well within their rights to 
expect GET to be a safe operation.

HTTP is designed to work a certain way. If you ignore its architecture, 
the best you can hope for is a complicated, messy system full of hacks 
that barely holds together and is increasingly hard to maintain and 
modify over time. The worst you can expect? See the above link.

Elliotte Rusty Harold  elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
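
The point about prefetchers and spiders such as wget, as an added example that is not part of the original message: a constructed toy admin app (the `Blog` class, its paths and its posts are all hypothetical) is crawled by a client that only ever issues GET. It covers HTTP method handling only; nonce checking is a separate matter.

```python
import re

class Blog:
    """Constructed toy admin app. unsafe=True exposes delete as a GET link."""
    def __init__(self, unsafe):
        self.unsafe = unsafe
        self.posts = {1: "Hello", 2: "Draft"}   # constructed sample data

    def request(self, method, path):
        if path == "/admin":
            return 200, self.render_admin()
        m = re.fullmatch(r"/admin/delete/(\d+)", path)
        if m:
            # Safe variant: GET never changes state, so it is refused here.
            if method == "GET" and not self.unsafe:
                return 405, "Method Not Allowed"
            if method in ("GET", "POST"):
                self.posts.pop(int(m.group(1)), None)
                return 200, "deleted"
        return 404, "not found"

    def render_admin(self):
        rows = []
        for pid, title in self.posts.items():
            if self.unsafe:
                # State-changing action reachable by following a link.
                rows.append(f'<a href="/admin/delete/{pid}">delete {title}</a>')
            else:
                # Same action behind a POST form; nothing for a spider to follow.
                rows.append(f'<form method="post" action="/admin/delete/{pid}">'
                            f'<button>delete {title}</button></form>')
        return "\n".join(rows)

def prefetch(app, start="/admin"):
    """Act like a prefetcher or spider: GET the page, then GET every href on it.
    Returns how many posts are left afterwards."""
    _, html = app.request("GET", start)
    for href in re.findall(r'href="([^"]+)"', html):
        app.request("GET", href)
    return len(app.posts)

if __name__ == "__main__":
    print("posts left, delete-by-GET :", prefetch(Blog(unsafe=True)))
    print("posts left, delete-by-POST:", prefetch(Blog(unsafe=False)))
```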
