[OpenAjaxSecurity] Fw: GET vs HEAD vs OPTIONS

Emmanouil Batsis (Manos) manos at abiss.gr
Fri Jan 4 11:51:09 PST 2008


It looks like their plumbing works throughout two architecture layers: 
HTTP and XML PIs. For the latter to work and to simplify the design, 
they have assumed the HTTP response body is always required.

This could be redesigned to use HTTP more efficiently along with the XML 
PI stuff, but that job belongs to the WAF WG and mere mortals have other 
things to do. In any case, I doubt one would manage to argue a way 
beyond their immediate agenda of getting a CR out the door.

Cheers,

Manos


-- 
Manos Batsis, Chief Technologist
          __    _
   ____ _/ /_  (_)_________ ____ ______
  / __ `/ __ \/ / ___/ ___// __ `/ ___/
/ /_/ / /_/ / (__  |__  )/ /_/ / /
\__,_/_.___/_/____/____(_)__, /_/
                         /____/

5, Daphnidos Street,
14122, Neo Iraklio,
Athens, Greece

Tel: +30 210 2851517
Mob: +30 694 8376942

http://dev.abiss.gr

"BSD code is free code to be used in software. GPL code is code to be 
used in free software." Kjella (173770), Slashdot


More information about the security mailing list