|
Authored by: Anonymous on Saturday, May 04 2013 @ 03:09 AM EDT |
Link to News Pick
PJ commented:
Not
so. If you put up a page on your website and don't publicize it, it's still on
the web, the public web, and it has no code blocking access. A URL is not
blocking code. A password is there for no reason except to block access. It's
disturbing that the authors doesn't see the difference.
After
reflecting on this for a while I think PJ's conclusion (and Orin Kerr's, I
believe) is correct. But I don't think it is quite the slam dunk PJ implies. I
agree that simply accessing a URL on the public web should not be unauthorized
access. And after some reflection that argument ultimately carried the day for
me. The complication here, which gave me pause, is that, presumably, in
both cases you are sending a password to the site. If I understand it
correctly, "?pw=eOH7KvedHxS3iYRa" is telling the website to set a variable
called "pw" to eOH7KvedHxS3iYRa and I presume the author chose "pw" to stand for
password. So the author is correct that in both cases you are providing a
password to the website. In one case you do it via the URL and in the other
case via a text box. And that definitely gave me pause and even now makes me
think this is more subtle than PJ indicates.
What finally decided it for me
is (if the web page is designed well) the visitor is put on notice that the web
site is demanding a password, i.e. access to that page is restricted, whereas
this is not as evident when the password is provided via the URL. So with that
I am comfortable concluding that the rule "URL != unauthorized access" is
absolute. What made this tricky for me (as I'm sure as the author intended) was
his choice of "pw" for the variable name whereas in his article Orin Kerr chose
"shva". But from the aspect of it merely being part of a URL they function the
same. [ Reply to This | Parent | # ]
|
|
Authored by: Anonymous on Saturday, May 04 2013 @ 11:33 AM EDT |
That's how I first read that headline -- seems it needs a re-write.
(Christenson)[ Reply to This | Parent | # ]
|
|
|
|
|