Because it's less strict. If you're not explicitly referencing the method,it becomes that much easier to rewrite something, unwittingly or not.
Isn't that a plus?
Calling it a "security hole" is a misnomer; it's not technically a"security hole" - it's just a bad practice in terms of security. It's also bad form generally. As a software developer you shouldn't just handle all requests the same. If a client uses a POST method rather than a GET method as you want it to be handled, it _shouldn't_ be handled the same. You're putting all request methods in the same namespace, and it's a lazy (and notin the good way) to handle data in your application.
As long as there are no security problems, isn't this flexibility a good thing?
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ UPHPU mailing list [email protected] http://uphpu.org/mailman/listinfo/uphpu IRC: #uphpu on irc.freenode.net
