Re: Properties of References

Slein, Judith A wrote:
>...
> 2.  Replace the Re-Direct header with a No-Passthrough header that can be
> applied to any reference, direct or redirect.  This header asks the server
> to apply the request to the reference itself, rather than to its target
> resource.
> ...

Random thought: there is a weird correlation here between this
No-Passthrough header and the "source link". For example, could
No-Passthrough potentially be used to grab an ASP file rather than its
execution result?

Just popped into my head, so I thought I'd mention it. The source link
does seem a bit nicer for security issues (because you secure based on
URL rather than the presence of a header), but No-Passthrough seems
handier for grabbing source (text or binary).

-g

--
Greg Stein, http://www.lyra.org/

Received on Wednesday, 16 December 1998 15:34:05 UTC