Re: Insecure WWW Access Authorization Protocol?

michael shiplett (
Tue, 8 Mar 1994 22:00:46 --100

"ts" == Tony Sanders <sanders@BSDI.COM> writes:

ts> michael shiplett writes:

pl> beforehand is the URL, we must map the URL to a Kerberos
pl> principal.

ts> You cannot trust the URL anymore than you can trust the server
ts> reply.
The URL is as trustworth as the source of the URL--whether the
source is in or out of band.


a) A university or organization publication (e.g., a computing guide,
faculty and staff newsletter, etc.) recommends that users without
their own home pages default to

b) A friend tells you about a great new service and suggests you
that you try it.

If you don't trust *any* URL, you may as forget about running a web