On 2/24/12 4:48 PM, Ronald Chmara wrote:
> On Fri, Feb 24, 2012 at 2:40 PM, Larry Garfield <la...@garfieldtech.com> wrote:
>>> To me, it's just a request for some content, and in a REST API that's
>>> read-only, I just don't care if the consumer sends their request as
>>> GET or POST.  I'll cheerfully give them what they wanted.
>> Except that per HTTP, GET and POST are completely different operations.  One
>> is idempotent and cacheable, the other is not idempotent and not cacheable.
>> I very much care which someone is using.
>
> People exploiting security would *never* think of
> caching/replaying/modifying a POST request, that's just totally
> unimaginable! It would take, like HUGE computational effort to like,
> cURL it or just type it out!
>
> er, no.
>
> -Ronabop

Please point out where I said that POST is not a security risk. I am quite sure I typed no such thing, so how you read such a thing I do not know. I am genuinely curious to see how you managed to interpret anything I said as "POST is secure because it won't be cached".

--Larry Garfield

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
