decoration decoration
Stories

GROKLAW
When you want to know more...
decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books

Gear

Groklaw Gear

Click here to send an email to the editor of this weblog.


You won't find me on Facebook


Donate

Donate Paypal


No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.


What's New

STORIES
No new stories

COMMENTS last 48 hrs
No new comments


Sponsors

Hosting:
hosted by ibiblio

On servers donated to ibiblio by AMD.

Webmaster
You're missing a few technicalaites | 111 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
You're missing a few technicalaites
Authored by: cjk fossman on Sunday, May 05 2013 @ 11:13 PM EDT
If you come across a door which has a lock, you know that lockpicking it is wrong, even if there's no notice on the door saying you aren't meant to pick the lock. Same here. That string is meant to be a lock

Someone wrote that earlier in this thread. I'm glad to see that you do not fully agree with that statement.

The URL is not a security mechanism. Basic authorization was baked into browsers and web servers for that exact reason. Basic authorization has been there since virtually the beginning of the WWW.

And here is one reason why. Suppose a good and trusted friend emails you a link to a document. Your friend tells you it's a must-read, but omits to mention that it resides on a web site where he has privileged access. You do not have access to the site but gain access and read the document anyway because the URL contains his password.

Now I think the author of the quoted post would call you a criminal. Just because you failed to find the string 'password' in the 99 character query string.

So now your fate depends on whether or not a prosecutor believes your crime was intentional or inadvertent. Good luck. Maybe the prosecutor will decide that you and your friend are engaged in a criminal enterprise and send you both up the river.

I'm certainly not excusing people who break into web sites and gain access to sensitive information. But people who program and own web sites need to be held responsible, too.

[ Reply to This | Parent | # ]

You're missing a few technicalaites
Authored by: Anonymous on Tuesday, May 07 2013 @ 05:30 AM EDT

I do take your point that using "pw" is maybe non obvious, especially for someone who's not used to computers.
Or even to someone used to computers: IBM System/38 & AS/400 both have a command "pwrdwnsys"; what is this command? It starts with "pw" or, if you like, "pwrd" both of which look like they could relate to passwords (I myself have used pwrd as an abbreviation for password in writing code), perhaps it could be a password to own the system PassWoRd-oWN-SYStem (like a *nix root password); but no, it is the command PoWeR-DoWN-SYStem.

[ Reply to This | Parent | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )