Privacy ctd. (Re: Passwords in clear)

From: Andreas Strotmann <[email protected]>
Date: Thu, 10 Jul 1997 10:37:59 +0200

Hi,

scrolling through the cache.log error messages, I couldn't help noticing
another breach of privacy that I'd _much_ prefer not to have access to!!!

Namely, a few web-based chat lines apparently use GET rather than POST for
submitting chatters' comments -- apparently including those _specifically_
meant for just one single person on the Internet _only_, i.e. specifically
marked "private" in the chat-approved manner. Very often, the
corresponding clear-text URLs appear as ERR_USER_ABORT messages in the
cache.log file, and in the access.log file, one side of such an intimate
conversation will appear in full, perhaps including full account details,
personal addresses, personal web page addresses, telephone numbers, and
what-not.

Oh yes, I have already installed a proxy auto-config file that will
by-pass the cache for such URLs, but some people never learn :-< ...

For that reason, may I suggest that anything after a "?" in a URL be
stripped off or treated just like a password, please? Pretty please?

Thanks (blushing;-),

Andreas

-- 
Andreas Strotmann       / ~~~~~~ \________________A.Strotmann@Uni-Koeln.DE
Universitaet zu Koeln  /| University of Cologne   \
Regionales Rechenzentrum| Regional Computer Center \
Robert-Koch-Str. 10    /|    Tel: +49-221-478-5524 |\   Home: -221-4200663
D-50931  Koeln        __|__  FAX: +49-221-478-5590 |__________~~~~~~~~~~~~   
Received on Thu Jul 10 1997 - 01:38:56 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:43 MST