On Thu, 17 Jan 2008 21:42:10 +0100, Ian Hickson <[EMAIL PROTECTED]> wrote:
> On Thu, 17 Jan 2008, Mark Baker wrote:
> > On 1/17/08, Jonas Sicking <[EMAIL PROTECTED]> wrote:
> > > The specific attack I was worried about was SOAP service providers.
> > > These work by accepting XML data through POSTs and can perform
> > > potentially dangerous operations.
> > Dangerous operations aren't specific to SOAP. Any POST-accepting
> > resource can do them.
> In practice, servers can be separated into two groups: those that check
> the submission MIME type, and those that just assume one.
[...]
This is now covered by the FAQ under "Why is POST not treated identically
to GET?".
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
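
The distinction drawn in the thread, between servers that check the submission MIME type and those that just assume one, sketched as an added example that is not part of the original messages. The allowed types, the function names and the list-of-tuples header representation are assumptions for illustration.

```python
# Added example: two POST handlers for an endpoint that expects SOAP/XML.
# All names here are hypothetical; headers are a list of (name, value) tuples.

ALLOWED_TYPES = {"text/xml", "application/soap+xml"}  # assumed endpoint policy

# Media types an HTML form can produce through its enctype attribute.
FORM_TYPES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}


def parse_media_type(header_value):
    """Return lowercase 'type/subtype', or None if absent or malformed."""
    if not header_value:
        return None
    essence = header_value.split(";", 1)[0].strip().lower()
    main, sep, sub = essence.partition("/")
    if not sep or not main or not sub:
        return None
    # A comma or whitespace means several values were folded into one header.
    if "," in essence or any(c.isspace() for c in essence):
        return None
    return essence


def assuming_handler(method, headers):
    """Second group: never looks at Content-Type, treats every body as XML."""
    return (200, "accepted") if method == "POST" else (405, "method not allowed")


def checking_handler(method, headers):
    """First group: refuses any POST whose declared type is not expected."""
    if method != "POST":
        return 405, "method not allowed"
    values = [v for k, v in headers if k.lower() == "content-type"]
    if len(values) != 1:
        return 415, "missing or repeated Content-Type"
    media = parse_media_type(values[0])
    if media is None:
        return 415, "malformed Content-Type"
    if media in FORM_TYPES:
        return 415, "form-submittable type refused"
    if media not in ALLOWED_TYPES:
        return 415, "unexpected type"
    return 200, "accepted"
```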