Re: HTML 2.0 LAST CALL: Security words

Paul Burchard (
Thu, 1 Jun 95 22:58:46 EDT

> > In message
> > <>,
> > David - Morris writes:
> > > 2. The URL display field(s) provided my many user agents
> Since when are URLs so sensitive that the user should't
> know the address of the document s/he's looking at?

One way that information about URLs can become a security
consideration is if, in following a link from a secure document X on
one server, to some document Y on another server, the user agent
tells Y's server that the "Referer" was X. This reveals information
about the supposedly secure document X (first, that it exists, and
second, that it contained a link to Y).

Paul Burchard <>
``I'm still learning how to count backwards from infinity...''