W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1995

Re: Server Hacking

From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 16 Oct 1995 11:11:23 -0700 (PDT)
To: Laurent Demailly <dl@hplyot.obspm.fr>
Cc: rg@server.net, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <Pine.SOL.3.91.951016110640.229B-100000@chivalry>
On Mon, 16 Oct 1995, Laurent Demailly wrote:
> somehow what 'tool' is used.... Of course ppl can joke/cheat, but
> unless you get digital signature of headers you can not avoid it
> {is that forseen ?}
> 

It's part of HTTP-NG. I wasn't really thinking about the dangers of 
people giving fake user-agents (leading to deaths by the 1,000); more on 
the lines of supporting legally enforceable negotation options (for 
example, those options dealing with the logging of requests and their 
further redistribution). The mechanism will allow you to sign your 
user-agent headers as well, but unless you've got one of those 1ms RSA 
chips, that would be silly.

Simon

-----
(defun modexpt (x y n)  "computes (x^y) mod n"
  (cond ((= y 0) 1) 	((= y 1) (mod x n))
	((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
	(t (mod (* x (modexpt x (1- y) n)) n))))
Received on Monday, 16 October 1995 11:13:16 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:34 EDT