- From: Gervase Markham <gerv@mozilla.org>
- Date: Wed, 15 Nov 2006 18:16:38 +0000
Michel Fortin wrote: > I'm beginning to think that the link "fingerprint" method is best > solution because the hash is more portable as part of the URL. I could > for instance copy a fingerprinted URL right into this email: > > http://example.com/file#!md5!b3187253c1667fac7d20bb762ad53967 Indeed, that's one of the major use cases. > and a knowledgeable browser receiving this URL would know how to check > the validity of the received document. The two concerns I have with it > is that it somewhat distorts the concept of a fragment identifier, It does a bit; but the fragment identifier is unused for binary downloads, so there's not much risk of a clash. Also, "!" is currently not legal in HTML ids, AIUI. > and > it's generally going to be lost if there is any redirection (although a > browser that knows about fingerprints could keep them across redirections). Indeed. In fact, it would be a security flaw to update the identifier on redirect. Gerv
Received on Wednesday, 15 November 2006 10:16:38 UTC