[3136] in WWW Security List Archive
Re: Potential threat with some HTTP REQUEST METHODS?
daemon@ATHENA.MIT.EDU (mol@ecmwf.int)
Thu Oct 3 23:31:25 1996
From: mol@ecmwf.int
To: ddion@gel.ulaval.ca (Denis Dion Jr.)
Date: Fri, 4 Oct 1996 01:56:23 +0100 (BST)
Cc: www-security@ns2.rutgers.edu (www-sec)
In-Reply-To: <Pine.SUN.3.91.961001200222.24656A-100000@escoumins.gel.ulaval.ca> from "Denis Dion Jr." at Oct 1, 96 08:12:13 pm
Errors-To: owner-www-security@ns2.rutgers.edu
In a previous mail , Denis Dion Jr. wrote :
> But what about these methods? PUT, HEAD, DELETE, LINK, UNLINK
> There doesn't seem to be any available information, even though I just
> read that some of these methods are used to TELL THE SERVER TO
> MODIFY A LINK OR A FILE ON THE SERVER... Seems pretty dangerous isn't it???
>
> Thanks a lot.
>
> Denis Dion Jr.
> Computer Vision and Systems Lab
> Dept. of Electrical Engineering, Laval University
> Quebec, Canada.
>
This is a complement to some answers already given.
There is some information in the following document about configuring
the put and delete methods in the cern/W3C http server:
http://www.w3.org/pub/WWW/Daemon/User/Config/Accessories.html
About the method themselves look at:
http://www.w3.org/pub/WWW/Protocols/HTTP/Methods.html
IETF drafts on the http protocol at:
http://nic.nordu.net:80/ftp/internet-drafts/
(The IETF drafts are mirrored around the world, refer
to the site closer to you)
Refer in particular to:
draft-ietf-http-v10-spec and draft-ietf-http-v11-spec (there are several
versions of each of these documents, and the more "exotic" methods may be
explained in older versions of documents, this is the case for
draft-ietf-http-v10-spec-01).
--
Philippe Parmentier E-mail : P.Parmentier@ecmwf.int
Snail : ECMWF, Shinfield Park, Reading, Berkshire RG2 9AX, U.K.
