Re: HTML 2.0 LAST CALL: Security words

Daniel W. Connolly (connolly@beach.w3.org)
Thu, 1 Jun 95 22:35:35 EDT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Daniel W. Connolly: "Re: HTML 2.0 LAST CALL: Numeric character refs"
Previous message: Paul Burchard: "Re [LAST CALL]: progress on HTML 2.0 reconstruction"

In message <Pine.SUN.3.90.950601103934.12939D-100000@jobe.shell.portal.com>, Da
vid - Morris writes:
>
>1. The http server log file which logs the GET request

Clearly an HTTP security consideration, not HTML.

>2. The URL display field(s) provided my many user agents

Since when are URLs so sensitive that the user should't know the
address of the document s/he's looking at?

> Information providers should also be aware that some current user
> agents ignore the METHOD=POST specification and hence subject
> all sensitive information to the above risk.

Blech. Do they really? I don't want to put this in the spec. If
somebody feels strongly that it should be included, let me know.

Dan

Next message: Daniel W. Connolly: "Re: HTML 2.0 LAST CALL: Numeric character refs"
Previous message: Paul Burchard: "Re [LAST CALL]: progress on HTML 2.0 reconstruction"