[cap-talk] Webkeys vs. the web

Karp, Alan H alan.karp at hp.com
Tue Mar 31 16:59:01 EDT 2009


Chip Morningstar wrote:
> >
> >That observation may lead to the solution to Chip's problem.  If what appears
> >on a page can be tied to the path used to reach it, it should be safe to put
> >on a page a link to any page that the user traversed on the path to that page.
> 
> That's true as long as the user has traversed through a chain of non-public
> links to a page with an unguessable URL.  However, the particular problem I was
> posing had to do with the transition from a page whose URL could be expected to
> be known.
>
That's why I said "path to that page" and not "previous page."  I wasn't thinking about how to implement it (Nothing is impossible for the person who doesn't have to do it.), but perhaps a session cookie that's updated to keep a running hash on each page transition on the site would work.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
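
The running-hash session cookie suggested in the message above, as an added sketch that is not part of the original post or of any cap-talk project. It assumes a server-side secret key, an HMAC-SHA256 chain, a "nonce.hash" cookie layout and that the server knows the candidate path it is checking; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: per-site secret kept on the server, never sent to the browser.
SERVER_KEY = secrets.token_bytes(32)


def _mac(state, data):
    """One chain step: fold `data` into the previous state under the server key."""
    return hmac.new(SERVER_KEY, state + b"\x00" + data.encode(), hashlib.sha256).digest()


def _parse(cookie):
    """Split 'nonce.hexhash'; the cookie is client-controlled, so reject junk."""
    try:
        nonce, digest = cookie.split(".")
        return nonce, bytes.fromhex(digest)
    except ValueError:
        return None


def new_session():
    """Initial cookie, issued before any page has been visited."""
    nonce = secrets.token_hex(16)
    return nonce + "." + _mac(b"", nonce).hex()


def visit(cookie, url):
    """Update the running hash on a page transition; restart on a bad cookie."""
    parsed = _parse(cookie) or _parse(new_session())
    nonce, state = parsed
    return nonce + "." + _mac(state, url).hex()


def arrived_via(cookie, path):
    """True only if the cookie's running hash matches this exact path of URLs."""
    parsed = _parse(cookie)
    if parsed is None:
        return False
    nonce, digest = parsed
    state = _mac(b"", nonce)
    for url in path:
        state = _mac(state, url)
    return hmac.compare_digest(state, digest)


def backlinks(cookie, path):
    """Pages earlier on the path may be linked only when the cookie proves the path."""
    return list(path[:-1]) if arrived_via(cookie, path) else []
```

A visitor who requests the well-known page directly carries a different running hash from one who reached it through the unguessable URL, so `backlinks` returns an empty list for the direct visitor.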


