Paul Hoffman / IMC wrote:
At 1:47 PM -0800 11/4/04, Dare Obasanjo wrote:
I'll note that there isn't much difference between this scenario and Malicious user X just issuing HTTP redirects to the unrelated service thus bypassing Atom-Error header which is less likely to be supported than HTTP redirects anyway.
I agree with Dare. A malicious feed emitter can do pretty much equivalent damage in many ways.
I don't understand what Dare is saying. How do I get someone to send a POST with a redirect? Dare's response was that some GETs are unsafe... ok fine, but not really the same problem.
Robert Sayre
