|
|
|
| Authored by: PJ on Friday, May 03 2013 @ 03:59 PM EDT |
| A web page with an obscure
URL is not quite like an object abandoned on a
public
street, it's more like a small object (say a book) tossed
into a very
large field of tall weeds, or hidden under
leaves inside a large wood, on land
that is open to the
public.
I'd say it's more like a book that a library
would prefer most people didn't know they had, but want to have it on the shelf
for those who will use it the way the library wants. Still, it's a book on the
public shelf. And there's nothing barring access if you happen to stumble upon
it.
That is a big difference from a book the library puts in its
locked
behind a glass collection that you have to sign up to access.
You absolutely
can end up on an unpublicized url by mistake, just looking for something else.
Making that criminal destroys something much more important than you realize.
If you want a web page kept private, put it in a private space and don't let
anyone access without the "key". Because if you put it on the public Internet,
somebody will surely find it eventually, and if it's on the *public* Internet,
that should not be a crime. [ Reply to This | Parent | # ]
|
| |
| Authored by: Anonymous on Friday, May 03 2013 @ 05:39 PM EDT |
Sorry PJ, you are missing James Grimmelmann's point here. It's a purely
technical one.
Forget - for a moment - about whether it's data put up for public viewing or
not. In fact forget about the content entirely. It's not relevant.
Entering eOH7KvedHxS3iYRa in a box and typing ?pw=eOH7KvedHxS3iYRa is
technically the same thing. The receiving server code will see eOH7KvedHxS3iYRa
whichever way you do it.
If pw is the name of the password field - which is implicit in this example -
the program will use:
$input = $_POST['pw'];
to get info from the box, and
$input = $_GET['pw'];
to get info from the URL.
Either way $input will then contain eOH7KvedHxS3iYRa.
More realistically the code would be:
$input = isset $_POST['pw'] ? $_POST['pw'] : '';
$input = isset $_GET['pw'] ? $_GET['pw'] : '';
to guard against no input. But frequently the code will be combined as:
$input = isset $_POST['pw'] ? $_POST['pw'] : (!isset $_GET['pw']) ?
$_GET['pw'] : '');
meaning assign to $input if box is set then box value, else if pw= is suppled
then pw value, else nothing.
[ Reply to This | Parent | # ]
|
| |
| Authored by: Anonymous on Friday, May 03 2013 @ 05:51 PM EDT |
In theory, passwords should be security devices. The problem is that
software, websites, and the like that require passwords, typically have rules
that are designed to ensure that the password is broken within 30 minutes, by
anybody that knows anything about cracking passwords.
The only
legitimate reason for a site to reject a password such as
"«σᚔᚕ6δϐᏬשب@15ᚑᚒ
8128;ﺐﺧﺇﺨ&R!6S3|+67ᚓ»" is that it is too
short.
When passwords are required to be pathetically weak, they are
mere annoyances. Unfortunately, too many so-called security experts don't
understand why passwords such as "gn!K^@3" are inherently insecure, and should
never be allowed for anything more private than the office coffee maker. Worse
still, financial institutions in the United States pretty much prohibit even
that pathetically weak password, in favour of something that is even more
insecure, and weaker.
On an unrelated matter, consider the effect on HR
asking for passwords to FaceBook, etc, and being given something like
"«ὌὐἇKiNḧк͖ΕɷɖŸ§ûאם
;ᡱヘボバ光備12兢ﺧ
2;凌»". Copy and paste might work. Transcribing it from hard copy probably
won't work. Deciphering it from a handwritten note is guaranteed to fail.(I see
the copy and paste to here failed to correctly display the glyphs.) [ Reply to This | Parent | # ]
|
| |
| Authored by: Anonymous on Saturday, May 04 2013 @ 01:01 AM EDT |
One is a combination for a lock. The other a street address. Driving by all
the addresses on the map is not the same as breaking a lock.[ Reply to This | Parent | # ]
|
|
|
|
|
