Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)
James Firth
james2 at jfirth.net
Mon Aug 2 14:41:22 BST 2010
Clive D.W. Feather wrote:
> Ian Batten said:
> >> The server, as in a dedicated host offering professional services
> >> should
> >> protect itself against anything the "internet" throws against it,
> > Except that's both contrary to the law in every other field, and
> > incredibly elitist.
Thank you for banking home your point but I have to respectfully disagree.
I argue it's a pragmatic approach and in no way elitist.
> I disagree with you and agree with the intent of the statement.
>
> A URL is a string of (to a first approximation) printable characters. A
> web
> server should be able to handle any string of printable characters in
> the
> URL field of the GET request and do something sensible with it. This
> might
> be a 403 or a 404, but it shouldn't be accessing files that it's not
> supposed to return to the user and it shouldn't do anything
> unauthorized.
Also springs to mind the oft-used example of a person attempting to
transport an open and unprotected case of gold coins through a crowded
market. Is it criminal intent if otherwise law-abiding townsfolk attempt to
grab a handful of coins?
James Firth
More information about the ukcrypto
mailing list