Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:58160 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 5251 invoked from network); 27 Feb 2012 17:10:47 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 27 Feb 2012 17:10:47 -0000 Authentication-Results: pb1.pair.com header.from=ceo@l-i-e.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=ceo@l-i-e.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain l-i-e.com designates 67.139.134.202 as permitted sender) X-PHP-List-Original-Sender: ceo@l-i-e.com X-Host-Fingerprint: 67.139.134.202 o2.hostbaby.com FreeBSD 4.7-5.2 (or MacOS X 10.2-10.3) (2) Received: from [67.139.134.202] ([67.139.134.202:2528] helo=o2.hostbaby.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 24/9F-40985-519BB4F4 for ; Mon, 27 Feb 2012 12:10:47 -0500 Received: (qmail 19543 invoked by uid 98); 27 Feb 2012 17:10:44 -0000 Received: from localhost by o2.hostbaby.com (envelope-from , uid 1013) with qmail-scanner-2.05 ( Clear:RC:1(127.0.0.1):. Processed in 0.042149 secs); 27 Feb 2012 17:10:44 -0000 Received: from localhost (HELO www.l-i-e.com) (127.0.0.1) by localhost with SMTP; 27 Feb 2012 17:10:44 -0000 Received: from webmail (SquirrelMail authenticated user ceo@l-i-e.com) by www.l-i-e.com with HTTP; Mon, 27 Feb 2012 11:10:44 -0600 Message-ID: <7c72b0d09e59d3835977511d02707d56.squirrel@www.l-i-e.com> In-Reply-To: <4F4811E6.4050201@garfieldtech.com> References: <8D8E9A0839FE464FBBDF2B499DAFA596@gmail.com> <88ad33db205558862288b3114ef4c391.squirrel@www.l-i-e.com> <4F480C5B.30606@garfieldtech.com> <96462fbc4e243e75b11b455624ac4140.squirrel@www.l-i-e.com> <4F4811E6.4050201@garfieldtech.com> Date: Mon, 27 Feb 2012 11:10:44 -0600 To: internals@lists.php.net User-Agent: SquirrelMail/1.4.21 [SVN] MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Subject: Re: [PHP-DEV] $_PARAMETERS Super Global Object From: ceo@l-i-e.com ("Richard Lynch") On Fri, February 24, 2012 4:40 pm, Larry Garfield wrote: > On 2/24/12 4:34 PM, Richard Lynch wrote: >> On Fri, February 24, 2012 4:16 pm, Larry Garfield wrote: >>> On 2/24/12 3:28 PM, Richard Lynch wrote: > Except that per HTTP, GET and POST are completely different > operations. > One is idempotent and cacheable, the other is not idempotent and not > cacheable. I very much care which someone is using. If all my operations are idempotent, regardless of the request method, I can and will cache the POST operations, because I know I can do so. In other words: The HTTP spec specifically requires GET to be idempotent, and that implies it is cacheable. Nowhere in the HTTP spec can I find a REQUIREMENT for POST to not be idempotent, or to NOT be cached if it happens to BE idempotent. If I'm wrong please cite your reference. > As Will said in the other reply, there's security implications. (I > don't know who suggested that POST is more secure than GET. I > certainly > didn't.) I know you wouldn't say that. Only total newbies think POST is "more secure" because they just don't understand how they work. > You want your login form operating over POST, not GET, in > large part for the reasons above. Obviously login MUST be POST. It's not idempotent. Authentication to receive the content would also have to be POST, as it's not idempotent. But there is no reason to REQUIRE idempotent requests to be GET, and no specification that I can find that states that it is. The only requirement is that NON-idempotent must *NOT* be GET. -- brain cancer update: http://richardlynch.blogspot.com/search/label/brain%20tumor Donate: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=FS9NLTNEEKWBE