On 7 Nov 2012, at 11:26, Stefan Fritsch wrote: > considering the current state of web security, the old principle of "be > liberal in what you accept" seems increasingly inadequate for web servers. It > causes lots of issues like response splitting, header injection, cross site > scripting, etc. The book "Tangled Web" by Michal Zalewski is a good read on > this topic, the chapter on HTTP is available for free download at > http://nostarch.com/tangledweb .
> If a method is not registered, bail out early. Good idea, but it would be nice to be able to use <Limit> or <LimitExcept> to re-allow it. -- Tim Bannister – [email protected]
smime.p7s
Description: S/MIME cryptographic signature
