
Re: ACTION-278 Hiding metadata for security reasons

From: Dan Connolly <connolly@w3.org>
Date: Mon, 08 Feb 2010 09:32:55 -0600
To: ashok.malhotra@oracle.com
Cc: Larry Masinter <masinter@adobe.com>, Jonathan Rees <jar@creativecommons.org>, Tyler Close <tyler.close@gmail.com>, "www-tag@w3.org" <www-tag@w3.org>, "Mark S. Miller" <erights@google.com>
Message-ID: <1265643175.3812.866.camel@pav.lan>
On Sun, 2010-02-07 at 14:50 -0800, ashok malhotra wrote:
> Hi Larry:
> This is useful.
> Non-public URIs provide a weak level of security that is held to be
> adequate for some use cases.
> I wonder if there is disagreement with the above statement.

I disagree.

The unguessable URI pattern can be made about as secure as you like;
in particular, as secure or more secure than passwords+cookies.


-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/
gpg D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E
Received on Monday, 8 February 2010 15:32:57 GMT
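
Added example (not part of the message above or of the archive): a Python sketch of the unguessable URI pattern in which the token length is the tunable security parameter. The `https://example.org/doc/` prefix, the function names and the in-memory store are assumptions made for illustration.

```python
import hashlib
import math
import secrets

BASE = "https://example.org/doc/"  # assumed URL prefix, illustration only


def mint(store, resource, bits=128):
    """Return an unguessable URI for `resource` with at least `bits` of entropy."""
    # token_urlsafe takes a byte count; the CSPRNG output is base64url-encoded.
    token = secrets.token_urlsafe(math.ceil(bits / 8))
    # Store only a digest, so a leaked lookup table does not reveal live URIs.
    store[hashlib.sha256(token.encode()).hexdigest()] = resource
    return BASE + token


def resolve(store, uri):
    """Return the resource named by `uri`, or None if the token is unknown."""
    if not uri.startswith(BASE):
        return None
    token = uri[len(BASE):]
    # The lookup key is a hash of the presented token, so lookup timing
    # does not depend on how much of a stored token a guess matches.
    return store.get(hashlib.sha256(token.encode()).hexdigest())


def guess_success_log2(bits, live_tokens, guesses):
    """log2 of the union-bound chance that any of `guesses` hits a live token."""
    return math.log2(live_tokens) + math.log2(guesses) - bits


if __name__ == "__main__":
    store = {}  # constructed sample state
    uri = mint(store, "quarterly-report", bits=128)
    print(uri)
    print(resolve(store, uri))              # the minted URI resolves
    print(resolve(store, BASE + "guess"))   # an arbitrary guess does not
    # 2**20 live URIs and 2**40 guesses against 128-bit tokens
    print(guess_success_log2(128, 2**20, 2**40))
```

Raising `bits` lowers the guessing bound one-for-one, which is the sense in which the pattern's strength is a parameter the issuer chooses.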

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:19 GMT