David Terrell wrote: > On Fri, Dec 14, 2007 at 03:14:48PM +1300, Ben Hoyt wrote: >>> Thats dangerous. But isn't that the duty of webserver? >>> >> Yeah, I also wondered whether Apache would filter it out. But it doesn't, >> and on second thoughts, I don't think it is the duty of the web server, >> because there are loads of semi-custom HTTP methods, like the ones that >> webdav/svn uses, and people sometimes use their own custom ones, too. Here's >> a list of HTTP methods I found: >> http://annevankesteren.nl/2007/10/http-methods >> >> But I figure most people won't be using PROPFIND with web.py. And if they >> want to, they can always add it to valid_methods. > > > Option one: Apache limit by method. > Option two: by convention or standard, all HTTP methods are all caps. Why > not simply filter out all methods that doen't start with a capital letter? > (or methods that are all capitals).
That just reduces the scope of the problem instead of fixing it. I favour Ben's solution on this one. Also; web.py is a server iself, too. So it should still take care of this, in the end. (Assuming that server also allows these weird methods.) b^4 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web.py" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/webpy?hl=en -~----------~----~----~----~------~----~------~--~---
