- From: Benjamin Franz <snowhare@netimages.com>
- Date: Fri, 8 Nov 1996 06:52:45 -0800 (PST)
- To: www-talk@w3.org
On Fri, 8 Nov 1996, MegaZone wrote: > Once upon a time Benjamin Franz shaped the electrons to say... > >most sites that do this do. There is no real reason to feed it out of the > >script itself. This also allows you to try to load balance download sites > > Yes there is - lawyers. They wanted it so that there was no way to the > file except via the script which contains a licensing agreement. Redirecting > to another URL would allow that URL to leak and people to get the code > directly. They are in a fool's paradise if they think that hiding it behind a script can force people to see the license. I could mention the MAJOR adult web site that has placed their authentication on one server and their files and search engine on a *different* server - and trusted to the fact they used a POST method form to shield the search engine from direct unauthorized access. They were wrong. If you want to make sure people read your license - put the files behind an .htaccess wall and make them ONLY accessible with a login password that is changed daily and given on the license page. And make the login realm a confirmation message for the license. Still won't stand up in a court though. Nothing not using cryptographic certs will (and not even those in all states). > Yes - cookies could maintain state - and exclude a lot of people. Not as many people as *very experimental* extensions to HTTP. Well over 90% of browsers tdoay support cookies. There are other approaches as well - such as putting the files in a directory that you move nightly (or hourly, or by the minute if you are paranoid enough) to a new location. That is what I did for a client with several images that kept getting directly linked (at a cost of tens of thousands of useless to them hits per day). No fixed locations - no fixed links - no problems. Took about ten lines of perl. -- Benjamin Franz
Received on Friday, 8 November 1996 09:52:52 UTC