W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 1998

Re: Properties of References

From: Greg Stein <gstein@lyra.org>
Date: Wed, 16 Dec 1998 12:36:47 -0800
Message-ID: <367819DE.E34B525@lyra.org>
To: w3c-dist-auth@w3.org
Slein, Judith A wrote:
> 2.  Replace the Re-Direct header with a No-Passthrough header that can be
> applied to any reference, direct or redirect.  This header asks the server
> to apply the request to the reference itself, rather than to its target
> resource.
> ...

Random thought: there is a weird correlation here between this
No-Passthrough header and the "source link". For example, could
No-Passthrough potentially be used to grab an ASP file rather than its
execution result?

Just popped into my head, so I thought I'd mention it. The source link
does seem a bit nicer for security issues (because you secure based on
URL rather than the presence of a header), but No-Passthrough seems
handier for grabbing source (text or binary).


Greg Stein, http://www.lyra.org/
Received on Wednesday, 16 December 1998 15:34:05 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:18 UTC