Eureka! (Re: Comments on Python Redesign)
Jim Dabell
jim-usenet at jimdabell.com
Mon Sep 8 19:48:16 EDT 2003
Erik Max Francis wrote:
> Peter Hansen wrote:
>
>> * You can't tell ahead of time what site you are going to be
>> redirected to.
>> As a result, you lose complete freedom to choose whether or not you
>> should
>> follow the link. (Note for the imprecise: I didn't say you
>> completely lose
>> freedom, I said you lose complete freedom.)
>
> But you can't tell that any URL, even a long one that looks meaningful,
> won't redirect you someplace you don't want to go. Even if it's what
> you expected, there could be something on the page which potentially
> does something malicious, like a Java bomb.
>
> It all comes down to trusting the person who's posting the URL, and that
> doesn't change whether it's a tinyurl.com URL being posted or something
> else.
No. The crucial difference is that, if you can see the real URL, you don't
have to trust the poster if you trust the website. I trust a URL pointing
to the python.org domain won't redirect me to a malicious website, no
matter who posts it. If said URL is obfuscated with tinyurl or similar, I
only have the option of trusting the poster.
--
Jim Dabell
More information about the Python-list
mailing list