That's fine, but it doesn't change anything in my mind. Just because a crawler won't submit a form doesn't mean that a user (or a non-compliant crawler) won't. It's also not complicated for a user to modify the headers to issue a post instead of a get or vice versa. The point being, if you have something that can trigger a data change, you have to assume someone can execute it regardless of whether it is a POST or a GET and regardless of whether it was initiated by a crawler or something else. It's far more critical in my mind to make sure that only people or agents that you want to be changing data can actually change the data. The triviality of whether the request was a POST or a GET seems to mean nothing. I think that forcing data change requests to be POSTS is just forcing an extra limitation on the usefulness of the application (I personally think being able to do something via a form post as well as a simple URL GET request is a very handy thing), when you're still going to have to have the proper logic in place to make sure the data change is valid in the first place.
I suppose the summary here is that I know this rule exists, and I know why it exists. It just doesn't seem to have any real bearing on anything other than to add complexity while at the same time reducing flexibility. To me, it smacks of a carryover from the early days of the web that doesn't mean much in the current environment. On 10/15/07, Dave Watts <[EMAIL PROTECTED]> wrote: > > > I'm aware of this "rule", it just doesn't make any sense to > > me. In fact, if adhered to it would add a good bit of > > complexity to otherwise simple apps. > > I've seen the Rails folks obsessing about this, where they > > are forcing some normal URLs to be POST, and likewise forcing > > some forms to be GET, for no benefit at all other than to > > obey this seemingly pointless rule. > > Crawlers submit GET requests, but not POST requests. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > > Fig Leaf Software provides the highest caliber vendor-authorized > instruction at our training centers in Washington DC, Atlanta, > Chicago, Baltimore, Northern Virginia, or on-site at your location. > Visit http://training.figleaf.com/ for more information! > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| ColdFusion 8 - Build next generation apps today, with easy PDF and Ajax features - download now http://download.macromedia.com/pub/labs/coldfusion/cf8_beta_whatsnew_052907.pdf Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:291108 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
