Newsgroups: php.internals
Message-ID: <4F48153C.7040406@garfieldtech.com>
Date: Fri, 24 Feb 2012 16:54:52 -0600
From: larry@garfieldtech.com (Larry Garfield)
To: internals@lists.php.net
Subject: Re: [PHP-DEV] $_PARAMETERS Super Global Object

On 2/24/12 4:48 PM, Ronald Chmara wrote:
> On Fri, Feb 24, 2012 at 2:40 PM, Larry Garfield wrote:
>>> To me, it's just a request for some content, and in a REST API that's
>>> read-only, I just don't care if the consumer sends their request as
>>> GET or POST. I'll cheerfully give them what they wanted.
>> Except that per HTTP, GET and POST are completely different operations. One
>> is idempotent and cacheable, the other is not idempotent and not cacheable.
>> I very much care which someone is using.
>
> People exploiting security would *never* think of
> caching/replaying/modifying a POST request, that's just totally
> unimaginable! It would take, like HUGE computational effort to like,
> cURL it or just type it out!
>
> er, no.
>
> -Ronabop

Please point out where I said that POST is not a security risk. I am quite sure I typed no such thing, so how you read such a thing I do not know. I am genuinely curious to see how you managed to interpret anything I said as "POST is secure because it won't be cached".

--Larry Garfield