- From: Tyler Close <tyler.close@gmail.com>
- Date: Thu, 13 Oct 2005 12:57:26 -0700
- To: "Henry S. Thompson" <ht@inf.ed.ac.uk>
- Cc: www-tag@w3.org, Daniel Weitzner <djweitzner@w3.org>, Rigo Wenning <rigo@w3.org>
Hi Henry, On 10/13/05, Henry S. Thompson <ht@inf.ed.ac.uk> wrote: > As I read the record (follow the various pointers back from [1]), the > defendant in the case was sitting at a browser with something along > the lines of > > http://donate.bt.com/tsunami/relief/appeal/confirmDonation.html > > in the address window of his browser, edited this to read > > http://donate.bt.com/tsunami/relief/../../../ > > and hit Return. > > For this he lost his job and has a criminal conviction. Since you have clearly demonstrated that you know the above URL is for an unauthorized request, I wonder if you are now liable for the actions of any web crawlers that index this email. The fact that you also know this email will be indexed by many web crawlers might also be relevant. I wonder if quoting your email also makes me liable. Tyler -- The web-calculus is the union of REST and capability-based security: http://www.waterken.com/dev/Web/ Name your trusted sites to distinguish them from phishing sites. https://addons.mozilla.org/extensions/moreinfo.php?id=957
Received on Thursday, 13 October 2005 19:57:38 UTC