Re: From: abuse

montulli@stat1.cc.ukans.edu (Lou Montulli)
Errors-To: secret@www0.cern.ch
Date: Wed, 9 Feb 1994 21:54:41 --100
Message-id: <9402092051.AA33100@stat1.cc.ukans.edu>
Errors-To: secret@www0.cern.ch
Reply-To: www-talk@www0.cern.ch
Originator: www-talk@info.cern.ch
Sender: www-talk@www0.cern.ch
Precedence: bulk
From: montulli@stat1.cc.ukans.edu (Lou Montulli)
To: Multiple recipients of list <www-talk@www0.cern.ch>
Subject: Re: From: abuse
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
Content-Length: 1811
> 
> So Rob McCool sez to me:
> > I think we need to change this section to read that From: is to be used for
> > logging purposes only, and strike the mention of insecure form of access
> > protection and the section on the person given accepting responsibility for
> > the method performed. The only access protection this would provide is
> > applicable in such a limited context that the information in From: is not
> > useful for more than logging information anyway.
> 
> I agree.  I'm much more interested in clients that can (eventually)
> encrypt a paassword field in a document and send it to the server for
> validation than in ever suggesting that the From: field could be used
> for some sort of access control.  OTOH, I'd just love to have the server
> log that information - there are a number of cases where we could make
> use of user name information in our summary stats.

While we are on that subject.  I would love to see the 
Within? field logged.  There is some field that is supposed to 
be the URI of the document that contained the requested URI.
If we had that logged then we could tell which documents 
had pointers into our data, and we might be able to inform
people who maintain these documents when we move/destroy 
our own docs.

:lou
-- 
  **************************************************************************
  *           T H E   U N I V E R S I T Y   O F   K A N S A S              *
  *         Lou  MONTULLI @ Ukanaix.cc.ukans.edu                           *
  *                         Kuhub.cc.ukans.edu      ACS Computing Services *
  *     913/864-0436        Ukanvax.bitnet             Lawrence, KS 66044  *
  *             UNIX! Cool! I know that!  Jurassic Park - The Movie        *
  **************************************************************************