On Thu, Mar 20, 2008, Amos Jeffries wrote:
> >>I don't know much about 2.5 but in up-to-date versions, logging of query
> >>urls is governed by "strip_query_terms". By default it's on to avoid
> >>logging things like session IDs.
> >
> >it's called privacy :)
>
> It's called philanthropy: protecting idiots against themselves at ones
> own cost.
>
> No webmaster with any serious intentions of privacy publishes the
> SESSION-IDs in visible URI. The sensible ones use session cookies,
> nicely hidden from script-kiddies eyes, easily removed by
> security-conscious users, and not getting in the way of smart users
> direct-linking.
It happens. Think "Java application session ids". I saw one today.
foo.com?SESSION_ID=${MD5}.
Thanks! No way to possibly cache that!
Adrian
-- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -Received on Wed Mar 19 2008 - 07:29:19 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:05 MDT