I thought that the Google Web Accelerator did all the convincing
anyone needed.  If I recall correctly, a lot of intranets had a
problem with it in that lots of GET operations would alter data.  The
user would be logged in, and GWA would automatically fetch all GET
links.  There'd be no security concerns since deleting records would
be a valid operation for a logged-in user.


On 10/15/07, Brian Kotek <[EMAIL PROTECTED]> wrote:
> You're proving my point. Going through your app and changing any <A HREF>
> tag that targets a link that changes data on the server to use POST instead
> of GET *is* an increase in complexity. And, if I understand you correctly,
> you're doing it just to get a pop-up window from your browser? A pop-up that
> anyone can ignore, or that a spider can just bypass anyway? When under the
> hood you're still going to have to have logic to make sure the user is
> logged in, and editing data that they are allowed to edit, etc.?
>
> Is this really the best reason someone can offer to justify making all
> data-editing URLs use the POST method? I know it isn't anyone's job here to
> convince me, and that I'm the one ignoring this rule, but so far I'm still
> not seeing any particularly compelling reason to be concerned.
>
>
> On 10/15/07, Jochem van Dieten <[EMAIL PROTECTED]> wrote:
> >
> > Brian Kotek wrote:
> > > I'm aware of this "rule", it just doesn't make any sense to me. In fact, if
> > > adhered to it would add a good bit of complexity to otherwise simple apps.
> >
> > I don't believe it adds complexity for the developer. Have you ever seen
> > that popup that says: "The page you are trying to view contains
> > POSTDATA. If you resend the data, any action the form carried out (such
> > as a search or online purchase) will be repeated. To resend the data,
> > click OK. Otherwise, click Cancel."
> >
> > Have you ever tried coding something like that throughout your entire
> > application? How much complexity did that add compared to just using the
> > proper HTTP method and letting the browser take care of warning the user?
> > Not to mention the usability gains in using GET where appropriate and
> > *not* confronting the user with this popup on pages that don't make
> > changes.
> >
> > Jochem
> >
> >
> >
>
>
> 
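
The scenario from the first message in this thread, as an added example that is not part of any poster's message: a prefetcher that follows every GET link with the logged-in user's cookie passes the login check, so only the HTTP method separates a page view from a delete. It is written in Python as a framework-neutral WSGI sketch; the routes, cookie value and records are constructed assumptions.

```python
import re
from wsgiref.util import setup_testing_defaults

def make_app(delete_via_get):
    records = {1: "alpha", 2: "beta"}  # constructed sample data

    def app(environ, start_response):
        def reply(status, body=b"", headers=()):
            start_response(status, list(headers))
            return [body]
        method, path = environ["REQUEST_METHOD"], environ["PATH_INFO"]
        # The login check passes: the prefetcher sends the user's own cookie.
        if environ.get("HTTP_COOKIE") != "session=valid":
            return reply("403 Forbidden")
        match = re.fullmatch(r"/delete/(\d+)", path)
        if match is None:  # listing page
            if delete_via_get:
                row = '<a href="/delete/{0}">delete</a>'
            else:
                row = '<form method="post" action="/delete/{0}"><button>delete</button></form>'
            page = "".join(row.format(rid) for rid in records)
            return reply("200 OK", page.encode(), [("Content-Type", "text/html")])
        if method == "POST" or (method == "GET" and delete_via_get):
            records.pop(int(match.group(1)), None)
            return reply("303 See Other", headers=[("Location", "/")])
        return reply("405 Method Not Allowed", headers=[("Allow", "POST")])

    app.records = records
    return app

def request(app, method, path):
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "HTTP_COOKIE": "session=valid"}
    setup_testing_defaults(environ)  # fills in the remaining WSGI keys
    seen = []
    body = b"".join(app(environ, lambda status, headers: seen.append(status)))
    return seen[0], body.decode()

def prefetch(app):
    # Stand-in for a prefetching accelerator: GET every <a href> on the page.
    _, html = request(app, "GET", "/")
    return [request(app, "GET", href)[0] for href in re.findall(r'<a href="([^"]+)"', html)]

def surviving_records(delete_via_get):
    app = make_app(delete_via_get)
    prefetch(app)
    return sorted(app.records)

if __name__ == "__main__":
    print("delete via GET link :", surviving_records(True))
    print("delete via POST form:", surviving_records(False))
```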


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:291126