Re: HTTP REQUEST_METHOD flaw

From: pedwardat_private
Date: Wed Jan 06 1999 - 10:37:50 PST


    The other obvious implication is the REQUEST_METHOD environment variable.
    
    Just the possibility of an overflow or someone's ill-kept script only recognizing
    2 different possible request methods, and causing it to act oddly.
    
    --Perry
    
    >
    > The problem relates to "allowable" REQUEST_METHODs when a dynamic resource,
    > such as a CGI script, is requested. Essentially _any_ (except for HEAD,
    > TRACE and OPTIONS) REQUEST_METHOD can be used - even methods not defined in
    > the HTTP protocol. Consider the following requests which all return the
    > requested resource.
    >
    >
    > Cheers,
    > David Litchfield
    >
    
    
    --
    Perry Harrington   Director of System Architecture  zelur xuniL  ()
    http://www.webcom.com  perry.harringtonat_private  Think Blue.  /\
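
An added example, not part of the original message or of any script discussed in the thread: a C CGI sketch contrasting the "only two methods recognized" pattern Perry describes with a strict allowlist check on REQUEST_METHOD. The function names, the METHOD_MAX cap and the 405 response are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum method { M_GET, M_POST, M_REJECT };
#define METHOD_MAX 16   /* assumed cap; allowed names are far shorter */

/* Fragile pattern: only GET is tested for, so every other value,
 * including an unset or made-up method, is handled as POST. */
enum method naive_dispatch(const char *m)
{
    if (m != NULL && strcmp(m, "GET") == 0)
        return M_GET;
    return M_POST;
}

/* Strict form: bounded length, exact case-sensitive allowlist match,
 * and the value is never copied into a fixed-size buffer. */
enum method strict_dispatch(const char *m)
{
    static const struct { const char *name; enum method id; } allowed[] = {
        { "GET", M_GET }, { "POST", M_POST },
    };
    size_t i, len;

    if (m == NULL)
        return M_REJECT;
    for (len = 0; m[len] != '\0'; len++)
        if (len >= METHOD_MAX)          /* oversized: stop scanning, reject */
            return M_REJECT;
    for (i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strcmp(m, allowed[i].name) == 0)
            return allowed[i].id;
    return M_REJECT;                    /* unknown or empty method */
}

int main(void)
{
    const char *m = getenv("REQUEST_METHOD");

    if (strict_dispatch(m) == M_REJECT) {
        /* The CGI "Status:" header asks the server to reply with 405. */
        printf("Status: 405 Method Not Allowed\r\nAllow: GET, POST\r\n"
               "Content-Type: text/plain\r\n\r\nmethod not allowed\n");
        return 0;
    }
    printf("Content-Type: text/plain\r\n\r\nok\n");
    return 0;
}
```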
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:27:41 PDT