- From: Noah Mendelsohn <nrm@arcanedomain.com>
- Date: Thu, 08 Mar 2012 12:50:26 -0500
- To: Jonathan A Rees <rees@mumble.net>
- CC: "www-tag@w3.org" <www-tag@w3.org>
On 3/8/2012 11:53 AM, Jonathan A Rees wrote: > This idea should be cross-referenced with the thread that began here > > http://lists.w3.org/Archives/Public/www-tag/2009Dec/0122.html > > which never got resolved (basically whether 'secret URIs' are good practice > vs. bad practice). I was thinking exactly the same thing, but hadn't taken the trouble to dig up the old thread. FWIW: I remain in the camp that chooses to believe that, except perhaps in very specific cases, asking user agents and network systems to protect (for whatever definition of "protect") either Request-URIs or hrefs found in links is probably a mistake. If it had been spelled out as a requirement on day 1, well maybe, but we have a lot of software already deployed that deals with Request-URIs, traffic logs, pages, with links, etc., and it seems late to be stating new requirements on managing those things securely. Noah
Received on Thursday, 8 March 2012 17:50:53 UTC