Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)
Clive D.W. Feather
clive at davros.org
Mon Aug 2 14:25:47 BST 2010
Ian Batten said:
>> The server, as in a dedicated host offering professional services
>> should
>> protect itself against anything the "internet" throws against it,
> Except that's both contrary to the law in every other field, and
> incredibly elitist.
I disagree with you and agree with the intent of the statement.
A URL is a string of (to a first approximation) printable characters. A web
server should be able to handle any string of printable characters in the
URL field of the GET request and do something sensible with it. This might
be a 403 or a 404, but it shouldn't be accessing files that it's not
supposed to return to the user and it shouldn't do anything unauthorized.
--
Clive D.W. Feather | If you lie to the compiler,
Email: clive at davros.org | it will get its revenge.
Web: http://www.davros.org | - Henry Spencer
Mobile: +44 7973 377646
More information about the ukcrypto
mailing list