- From: Greg Stein <gstein@lyra.org>
- Date: Wed, 16 Dec 1998 12:36:47 -0800
- To: w3c-dist-auth@w3.org
Slein, Judith A wrote: >... > 2. Replace the Re-Direct header with a No-Passthrough header that can be > applied to any reference, direct or redirect. This header asks the server > to apply the request to the reference itself, rather than to its target > resource. > ... Random thought: there is a weird correlation here between this No-Passthrough header and the "source link". For example, could No-Passthrough potentially be used to grab an ASP file rather than its execution result? Just popped into my head, so I thought I'd mention it. The source link does seem a bit nicer for security issues (because you secure based on URL rather than the presence of a header), but No-Passthrough seems handier for grabbing source (text or binary). -g -- Greg Stein, http://www.lyra.org/
Received on Wednesday, 16 December 1998 15:34:05 UTC