[wp-hackers] Any other way to do it? (or, do we really need Nonces?)
Elliotte Harold
elharo at metalab.unc.edu
Sat Mar 3 16:16:50 GMT 2007
Robert Deaton wrote:
> The only issue of this sort that has occurred in recent history is the
> short period of time that GWA prefetched links like this, however, the
> decision was reversed due to thousands of other pieces of software
> having issues with these links being prefetched.
>
That's the most famous example. It's hardly the only one. For example
see this:
http://www.thedailywtf.com/forums/65974/ShowPost.aspx
Or consider any personal spider like wget.
There are many other cases. Web clients are well within their rights to
expect GET to be a safe operation.
HTTP is designed to work a certain way. If you ignore its architecture,
the best you can hope for is a complicated, messy system full of hacks
that barely holds together and is increasingly hard to maintain and
modify over time. The worst you can expect? See the above link.
--
Elliotte Rusty Harold elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/
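
The safe-GET point argued in the message above, as an added example that is not part of the original post or of WordPress itself: a toy request handler in which the destructive action accepts only POST carrying a per-user, per-action token, so a client that merely follows links cannot trigger it. The paths, the secret, the sample data and all function names are constructed for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"             # assumption: per-site secret, constructed here
posts = {1: "first post", 2: "second post"}  # constructed sample data

def make_nonce(user, action):
    """Token bound to one user and one action, to be embedded in the POST form."""
    return hmac.new(SECRET, f"{user}|{action}".encode(), hashlib.sha256).hexdigest()

def handle(method, path, user, form=None):
    """Return (status, headers, body) for a request to the toy admin app."""
    form = form or {}
    if path == "/posts":
        if method not in ("GET", "HEAD"):
            return 405, {"Allow": "GET, HEAD"}, ""
        # Safe: listing only reads state.
        return 200, {}, "\n".join(f"{i}: {t}" for i, t in sorted(posts.items()))
    parts = path.split("/")
    if len(parts) == 4 and parts[1] == "posts" and parts[2].isdigit() and parts[3] == "delete":
        post_id = int(parts[2])
        if method != "POST":
            # A spider or prefetcher only issues GET, so it is refused here.
            return 405, {"Allow": "POST"}, ""
        expected = make_nonce(user, f"delete-{post_id}")
        if not hmac.compare_digest(form.get("nonce", "").encode(), expected.encode()):
            return 403, {}, "bad nonce"
        posts.pop(post_id, None)
        return 303, {"Location": "/posts"}, ""
    return 404, {}, ""

def crawl(paths, user):
    """Constructed stand-in for a link-following client: GET every URL it sees."""
    return [handle("GET", p, user)[0] for p in paths]

if __name__ == "__main__":
    print(crawl(["/posts", "/posts/1/delete", "/posts/2/delete"], "admin"))
    print(sorted(posts))  # both posts survive the crawl
    good = {"nonce": make_nonce("admin", "delete-1")}
    print(handle("POST", "/posts/1/delete", "admin", good)[0])
    print(sorted(posts))
```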