[cap-talk] Webkeys vs. the web

Karp, Alan H alan.karp at hp.com
Tue Mar 31 14:19:17 EDT 2009

Kevin Reid wrote:
> > Just the other day, I sent the link to a news item I saw at Schwab.
> > Since I was logged in, there was also a link on the page to where I
> > manage my account.  Had this been a webkey system, my money might be
> > gone.  (Oh wait, that already happened.)
> But if this was a webkey system, it wouldn't *have* that link.
It *shouldn't* have that link.

Your comment got me thinking.  That link was probably on the page because the page was constructed dynamically based on context.  If I had sent the URL for the page to you, the link wouldn't have been there because you wouldn't have been logged in to my account.  In fact, if you were logged in to your account, then maybe the link to your account would have appeared where I saw the link to mine.

That observation may lead to the solution to Chip's problem.  If what appears on a page can be tied to the path used to reach it, it should be safe to put on a page a link to any page that the user traversed on the path to that page.

Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029

