- From: Roy Fielding <fielding@beach.w3.org>
- Date: Mon, 14 Aug 1995 17:11:56 -0400
- To: http wg discussion <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
In regard to the proxy passing logfile info to servers, I do hope
people discussing these issues have looked at the Security section
of the HTTP spec. Some of the suggestions would be a direct
violation of those recommendations.
Servers have a right to know
# individuals
# hits
hit times
domains serviced
per URL, but not e-mail addresses, machine names, or any other data
that could be used to identify an individual. Referer data must also]
be optional.
Like Andrew mentioned, this is best done by passing a URL to the
origin server that tells it where it may retrieve a sanitized summary
of the data.
....Roy T. Fielding Department of ICS, University of California, Irvine USA
Visiting Scholar, MIT/LCS + World-Wide Web Consortium
(fielding@w3.org) (fielding@ics.uci.edu)
Received on Monday, 14 August 1995 14:13:03 UTC