[cap-talk] Webkeys vs. the web
Karp, Alan H
alan.karp at hp.com
Tue Mar 31 16:59:01 EDT 2009
Chip Morningstar wrote:
> >That observation may lead to the solution to Chip's problem. If what appears
> >on a page can be tied to the path used to reach it, it should be safe to put
> >on a page a link to any page that the user traversed on the path to that page.
> That's true as long as the user has traversed through a chain of non- public
> links to a page with an unguessable URL. However, the particular problem I was
> posing had to do with the transition from a page whose URL could be expected to
> be known.
That's why I said "path to that page" and not "previous page." I wasn't thinking about how to implement it (Nothing is impossible for the person who doesn't have to do it.), but perhaps a session cookie that's updated to keep a running hash on each page transition on the site would work.
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
More information about the cap-talk