[
Lists Home |
Date Index |
Thread Index
]
At 7:05 PM -0800 1/5/04, Robert Koberg wrote:
>> In a truly individualized situation all that's needed are URLs of
>>the form http://www.example.com/page.html?username=elharo
>
>
>Does your bank do this? If so, which bank do you use?
>In other words, do you care if someone who knows or guesses your
>username can access your individualized situation?
You're missing a crucial point. The password which is also necessary
for access is not included in the URL. The URI identifies the
resource but it is not sufficient for access to the resource (unless
that's what you want of course. There are less sensitive situations
where I might well want to expose the contents of a personalized page
to the world; e.g. my wish list at amazon.com)
--
Elliotte Rusty Harold
elharo@metalab.unc.edu
Effective XML (Addison-Wesley, 2003)
http://www.cafeconleche.org/books/effectivexml
http://www.amazon.com/exec/obidos/ISBN%3D0321150406/ref%3Dnosim/cafeaulaitA
|
