[LINK] Senate committee probes AGD's data retention activities
Kim Holburn
kim at holburn.net
Mon Nov 1 19:51:38 AEDT 2010
On 2010/Nov/01, at 7:26 PM, Rick Welykochy wrote:
> An HTTP URL (and many others) can contain private data, what one could
> call content, in the parameter section. And in certain cases that private
> data can even be part of the URL's pathname. This is because private data
> can be tacked on to the end of, say, a script name, and is call PATH_INFO
> by the Common Gateway Interface (CGI).
Private data can be in the URI before the "?".
Actual template from here:
https://secure.wikimedia.org/wikipedia/en/wiki/URI_scheme
foo://username:password@example.com:8042/over/there/index.dtb?type=animal;name=narwhal#nose
protocol://username:password@host.domain:port/path/full/file?cgi=variables;another=variable#anchor-point-in-document
certain protocols have different URI elements.
>
> fictitious examples:
>
> http://nowhere.com/content/script.cgi/user/private/data?r=abc&acct=123456789
> ......<---host---> <------path------> <--content--><------parameters------->
>
> Very fine hairs are being split unless everything in the URL after
> the host is considered sacrosanct and private content.
>
> And of course there is a data: scheme, in which the URL itself contains
> all the data within itself:
>
> data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA...
>
> In the above case everything after "base64," is private content. In the
> case of a mailto: URL, everything after the ? is private content:
>
> mailto:jsmith at example.co?subject=Test&body=PrivateStuff
>
>
> Over at <http://en.wikipedia.org/wiki/URI_scheme> I counted about
> 70 official URI schemes and more unofficial such. Each has its
> own privacy and content vs data implications. For the legislator's
> consideration. Or the court's future headaches.
>
>
> cheers
> rickw
>
>
>
> --
> Rick Welykochy || Praxis Services
>
> When choosing between two evils, I always like to take the one I haven't tried before.
> -- Mae West
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
--
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
More information about the Link
mailing list