<br><br><div class="gmail_quote">On 4 August 2010 08:15, Francis Davey <span dir="ltr"><<a href="mailto:fjmd1a@gmail.com">fjmd1a@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
However, that's all beside the point. This thread seems to be<br>
wandering all over the place and this is partly because there's<br>
confusion between:<br>
<br>
* what people think might or might not be morally right in general<br>
concerning URL truncation<br>
* whether URL truncation constitutes unauthorized access within the<br>
meaning of section 1 of the Computer Misuse Act 1990<br>
<br>
</blockquote><div><br>Or is the point that people are becoming confused between URL truncation and a "Directory Traversal Attack", using the well-known '/../' syntax (just the same as, at the time, appending '.' to a .php URL often gave you the script source rather than the product)? Although Peter's pdf doesn't make it clear although other contemporaneous sources (<a href="http://www.samizdata.net/blog/archives/008118.html">http://www.samizdata.net/blog/archives/008118.html</a>) do mention the method.<br>
<br>I would agree with the general comment here that URL truncation is a perfectly legitimate web browsing method (especially when you are following a link that gives you an error page.) I wouldn't agree that discussion of URL truncation in respect of the Cuthbert case (regardless of whether his conviction was sound either in law or in morality) is particularly relevant.<br>
<br>Matthew<br></div></div><br clear="all"><br>-- <br>Matthew Pemble<br><br><br>