On Fri, Dec 14, 2007 at 03:14:48PM +1300, Ben Hoyt wrote: > > Thats dangerous. But isn't that the duty of webserver? > > > > Yeah, I also wondered whether Apache would filter it out. But it doesn't, > and on second thoughts, I don't think it is the duty of the web server, > because there are loads of semi-custom HTTP methods, like the ones that > webdav/svn uses, and people sometimes use their own custom ones, too. Here's > a list of HTTP methods I found: > http://annevankesteren.nl/2007/10/http-methods > > But I figure most people won't be using PROPFIND with web.py. And if they > want to, they can always add it to valid_methods.
Option one: Apache limit by method. Option two: by convention or standard, all HTTP methods are all caps. Why not simply filter out all methods that doen't start with a capital letter? (or methods that are all capitals). -- David Terrell [EMAIL PROTECTED] ((meatspace)) http://meat.net/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web.py" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/webpy?hl=en -~----------~----~----~----~------~----~------~--~---
