W3C home > Mailing lists > Public > www-talk@w3.org > November to December 1996

Re: HTTP header suggestion/request

From: Benjamin Franz <snowhare@netimages.com>
Date: Fri, 8 Nov 1996 06:52:45 -0800 (PST)
To: www-talk@w3.org
Message-ID: <Pine.LNX.3.95.961108063559.12553A-100000@ns.viet.net>
On Fri, 8 Nov 1996, MegaZone wrote:

> Once upon a time Benjamin Franz shaped the electrons to say...
> >most sites that do this do. There is no real reason to feed it out of the
> >script itself. This also allows you to try to load balance download sites
> 
> Yes there is - lawyers.  They wanted it so that there was no way to the
> file except via the script which contains a licensing agreement.  Redirecting
> to another URL would allow that URL to leak and people to get the code
> directly.

They are in a fool's paradise if they think that hiding it behind a script
can force people to see the license. I could mention the MAJOR adult web
site that has placed their authentication on one server and their files
and search engine on a *different* server - and trusted to the fact they
used a POST method form to shield the search engine from direct
unauthorized access. They were wrong. 

If you want to make sure people read your license - put the files behind
an .htaccess wall and make them ONLY accessible with a login password that
is changed daily and given on the license page. And make the login realm
a confirmation message for the license. Still won't stand up in a court
though. Nothing not using cryptographic certs will (and not even those in 
all states).

> Yes - cookies could maintain state - and exclude a lot of people.

Not as many people as *very experimental* extensions to HTTP. Well over
90% of browsers tdoay support cookies. There are other approaches as well
- such as putting the files in a directory that you move nightly (or
hourly, or by the minute if you are paranoid enough) to a new location.
That is what I did for a client with several images that kept getting
directly linked (at a cost of tens of thousands of useless to them hits
per day). No fixed locations - no fixed links - no problems.  Took about
ten lines of perl. 

-- 
Benjamin Franz
Received on Friday, 8 November 1996 09:52:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:20 GMT