[LINK] Senate committee probes AGD's data retention activities

Kim Holburn kim at holburn.net
Mon Nov 1 19:51:38 AEDT 2010

On 2010/Nov/01, at 7:26 PM, Rick Welykochy wrote:
> An HTTP URL (and many others) can contain private data, what one could
> call content, in the parameter section. And in certain cases that private
> data can even be part of the URL's pathname. This is because private data
> can be tacked on to the end of, say, a script name, and is call PATH_INFO
> by the Common Gateway Interface (CGI).

Private data can be in the URI before the "?".
Actual template from here:



certain protocols have different URI elements.

> fictitious examples:
> http://nowhere.com/content/script.cgi/user/private/data?r=abc&acct=123456789
> ......<---host---> <------path------> <--content--><------parameters------->
> Very fine hairs are being split unless everything in the URL after
> the host is considered sacrosanct and private content.
> And of course there is a data: scheme, in which the URL itself contains
> all the data within itself:
> data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA...
> In the above case everything after "base64," is private content. In the
> case of a mailto: URL, everything after the ? is private content:
> mailto:jsmith at example.co?subject=Test&body=PrivateStuff
> Over at <http://en.wikipedia.org/wiki/URI_scheme> I counted about
> 70 official URI schemes and more unofficial such. Each has its
> own privacy and content vs data implications. For the legislator's
> consideration. Or the court's future headaches.
> cheers
> rickw
> -- 
> Rick Welykochy || Praxis Services
> When choosing between two evils, I always like to take the one I haven't tried before.
>      -- Mae West
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link

Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request 

More information about the Link mailing list