Re: HTML 2.0 LAST CALL: Security words

Paul Burchard (burchard@horizon.math.utah.edu)
Thu, 1 Jun 95 22:58:46 EDT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Daniel W. Connolly: "Re: Last call: Intro, SGML, MIME sections"
Previous message: Daniel W. Connolly: "Re: HTML 2.0 LAST CALL: Numeric character refs"

> > In message
> > <Pine.SUN.3.90.950601103934.12939D-100000@jobe.shell.portal.com>,
> > David - Morris writes:
> > > 2. The URL display field(s) provided my many user agents
>
> Since when are URLs so sensitive that the user should't
> know the address of the document s/he's looking at?

One way that information about URLs can become a security
consideration is if, in following a link from a secure document X on
one server, to some document Y on another server, the user agent
tells Y's server that the "Referer" was X. This reveals information
about the supposedly secure document X (first, that it exists, and
second, that it contained a link to Y).

--------------------------------------------------------------------
Paul Burchard <burchard@math.utah.edu>
``I'm still learning how to count backwards from infinity...''
--------------------------------------------------------------------

Next message: Daniel W. Connolly: "Re: Last call: Intro, SGML, MIME sections"
Previous message: Daniel W. Connolly: "Re: HTML 2.0 LAST CALL: Numeric character refs"