Eureka! (Re: Comments on Python Redesign)

Jim Dabell jim-usenet at jimdabell.com
Tue Sep 9 01:48:16 CEST 2003


Erik Max Francis wrote:

> Peter Hansen wrote:
> 
>> * You can't tell ahead of time what site you are going to be
>>   redirected to.
>>   As a result, you lose complete freedom to choose whether or not you
>>   should
>>   follow the link.  (Note for the imprecise: I didn't say you
>>   completely lose
>>   freedom, I said you lose complete freedom.)
> 
> But you can't tell that any URL, even a long one that looks meaningful,
> won't redirect you someplace you don't want to go.  Even if it's what
> you expected, there could be something on the page which potentially
> does something malicious, like a Java bomb.
> 
> It all comes down to trusting the person who's posting the URL, and that
> doesn't change whether it's a tinyurl.com URL being posted or something
> else.

No.  The crucial difference is that, if you can see the real URL, you don't
have to trust the poster if you trust the website.  I trust a URL pointing
to the python.org domain won't redirect me to a malicious website, no
matter who posts it.  If said URL is obfuscated with tinyurl or similar, I
only have the option of trusting the poster.


-- 
Jim Dabell





More information about the Python-list mailing list