W3C home > Mailing lists > Public > www-tag@w3.org > October 2005

Re: Computer Misuse Act breaks WebArch (ws Re: Section 5.4.2 of RFC 3986 not actually 'legal' syntax_)

From: Tyler Close <tyler.close@gmail.com>
Date: Thu, 13 Oct 2005 12:57:26 -0700
Message-ID: <5691356f0510131257r3bd558f5u2ee1472eae269733@mail.gmail.com>
To: "Henry S. Thompson" <ht@inf.ed.ac.uk>
Cc: www-tag@w3.org, Daniel Weitzner <djweitzner@w3.org>, Rigo Wenning <rigo@w3.org>

Hi Henry,

On 10/13/05, Henry S. Thompson <ht@inf.ed.ac.uk> wrote:
> As I read the record (follow the various pointers back from [1]), the
> defendant in the case was sitting at a browser with something along
> the lines of
>
>   http://donate.bt.com/tsunami/relief/appeal/confirmDonation.html
>
> in the address window of his browser, edited this to read
>
>   http://donate.bt.com/tsunami/relief/../../../
>
> and hit Return.
>
> For this he lost his job and has a criminal conviction.

Since you have clearly demonstrated that you know the above URL is for
an unauthorized request, I wonder if you are now liable for the
actions of any web crawlers that index this email. The fact that you
also know this email will be indexed by many web crawlers might also
be relevant.

I wonder if quoting your email also makes me liable.

Tyler

--
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/

Name your trusted sites to distinguish them from phishing sites.
https://addons.mozilla.org/extensions/moreinfo.php?id=957
Received on Thursday, 13 October 2005 19:57:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:47:37 GMT