On Thu, 02 Nov 1995 16:46:04 +0100, Jacob Palme said:
advanced may have problems. One solution would be to include a
secret key in the URL-s, so that only those who have this secret
key can retrieve the message from the Web server. I am no experts
on Web security, but I guess there are solutions for this.
For certain situations, this is a problem. It requires certain
infrastructure which may not be accessible for either technical or
political reasons.
To send a magic cookie and have the object retrieved from the web
server, I as the sender need to have access to a web server that I can
store files on, and the person receiving it has to be able to reach my
web server. This can get very interesting...
Consider the case of my sending a bug report regarding X11 to IBM - if
I want to include a screen snapshot or sample source code, it almost
certainly has to be packaged in the mail and not as an external
reference, because the guys who will actually *read* the mail are
behind a pretty large and massive firewall. Also, even though I
*have* a Web server on my machine, I may not want to leave a very
large debugging file on *my* disk taking up space - I only have 1.4G
on this machine, and I don't want to have multiple 8M datasets sitting
on *my* system waiting for IBM to retrieve them sometime in the
future....
Bottom line - sending a magic cookie works for some things, but it is not
a total solution...
Valdis Kletnieks
Computer Systems Engineer
Virginia Tech