Re: From: abuse
"William M. Perry" <wmperry@mango.ucs.indiana.edu>
Errors-To: secret@www0.cern.ch
Date: Wed, 9 Feb 1994 22:25:34 --100
Message-id: <9402092112.AA21910@dxmint.cern.ch>
Errors-To: secret@www0.cern.ch
Reply-To: www-talk@www0.cern.ch
Originator: www-talk@info.cern.ch
Sender: www-talk@www0.cern.ch
Precedence: bulk
From: "William M. Perry" <wmperry@mango.ucs.indiana.edu>
To: Multiple recipients of list <www-talk@www0.cern.ch>
Subject: Re: From: abuse
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
Content-Length: 1250
>According to Archie Warnock:
>> So Rob McCool sez to me:
>> > I think we need to change this section to read that From: is to be
>> > used for logging purposes only, and strike the mention of insecure
>> > form of access protection and the section on the person given
>> > accepting responsibility for the method performed. The only access
>> > protection this would provide is applicable in such a limited context
>> > that the information in From: is not useful for more than logging
>> > information anyway.
>>
>> I agree. I'm much more interested in clients that can (eventually)
>> encrypt a paassword field in a document and send it to the server for
>> validation than in ever suggesting that the From: field could be used
>> for some sort of access control. OTOH, I'd just love to have the server
>> log that information - there are a number of cases where we could make
>> use of user name information in our summary stats.
>
>Which, if any, clients currently support the From: header?
Lynx and the emacs browser both support it, and I think violaWWW does -
not 100% sure on that though. Unless things have changed in the 2.2
release, Mosaic/X does not send it, and I don't think the Mac or Windows
versions do either.
-Bill Perry