- From: Terje Bless <link@tss.no>
- Date: Thu, 23 Sep 1999 02:15:22 +0200
- To: W3C Validator <www-validator@w3.org>
- cc: Nick Finck <nick@whitehorse.com>
On 22.09.99 at 15:04, Nick Finck <nick@whitehorse.com> wrote: >How about a "Privacy Statement" link at the bottom? I don't feel >comfortable typing in a URL like >http://username:password@www.domainname.com/etc/etc/ when trying to >validate secured pages. Then don't. If you just ask for <URL:http://www.domainname.com/etc/etc/>, the validator will proxy the authentication request back to you so you'll get a standard browser authentication dialog. It will also display a privacy statement of sorts. >Is the data logged? If so, is it secured? What is logged? Who can see >it? Does that information get passed out to companies who purchase the >information? ..etc, etc. The data is not logged. It exists in memory for a brief period of time, but it is never written to any file. Someone with access to the machine could conceivably manage to sniff out the data (by examining memory structures or peeking at swap files), but at that point it would be easier to just replace the validator with your own malicious version. Of course, you only have Gerald's word that the version you are using is the same one that the source code has been released for, but I'd tend to take his word for it. :-) If you are really paranoid you should download the source and use it locally. That way you can be sure. OTOH, if you are paranoid you shouldn't be using HTTP Basic authentication anyway. I'm paranoid, but am I paranoid /enough/? :-)
Received on Wednesday, 22 September 1999 20:18:37 UTC