(no subject)

no email ()
Wed, 9 Feb 1994 22:16:06 --100

????, then rob mcool, then lou montulli sez>>
>> So Rob McCool sez to me:
>> > I think we need to change this section to read that From: is to be
>> > used for logging purposes only, and strike the mention of insecure
>> > form of access protection and the section on the person given
>> > accepting responsibility for the method performed. The only access
>> > protection this would provide is applicable in such a limited context
>> > that the information in From: is not useful for more than logging
>> > information anyway.
>> I agree. I'm much more interested in clients that can (eventually)
>> encrypt a paassword field in a document and send it to the server for
>> validation than in ever suggesting that the From: field could be used
>> for some sort of access control. OTOH, I'd just love to have the server
>> log that information - there are a number of cases where we could make
>> use of user name information in our summary stats.

The encryption is nicely handled now by the emacs browser ad mosaic2.2 +
httpd1.1, I think this should solve most of the security problems (at least
in the USA... %!#@!ing patents/export restrictions on encryption
algorithms... blah).

>While we are on that subject. I would love to see the Within? field
>logged. There is some field that is supposed to be the URI of the
>document that contained the requested URI. If we had that logged then we
>could tell which documents had pointers into our data, and we might be
>able to inform people who maintain these documents when we move/destroy
>our own docs.

I think you are thinkinf of the 'Referer:' field. I send this when
possible, but do any others? I think lynx does, but I don't recall seeing
it in a request from Mosaic. It could be extremely useful in the case of
failed requests.

-Bill P.