Eureka! (Re: Comments on Python Redesign)
jim-usenet at jimdabell.com
Tue Sep 9 01:48:16 CEST 2003
Erik Max Francis wrote:
> Peter Hansen wrote:
>> * You can't tell ahead of time what site you are going to be
>> redirected to.
>> As a result, you lose complete freedom to choose whether or not you
>> follow the link. (Note for the imprecise: I didn't say you
>> completely lose
>> freedom, I said you lose complete freedom.)
> But you can't tell that any URL, even a long one that looks meaningful,
> won't redirect you someplace you don't want to go. Even if it's what
> you expected, there could be something on the page which potentially
> does something malicious, like a Java bomb.
> It all comes down to trusting the person who's posting the URL, and that
> doesn't change whether it's a tinyurl.com URL being posted or something
No. The crucial difference is that, if you can see the real URL, you don't
have to trust the poster if you trust the website. I trust a URL pointing
to the python.org domain won't redirect me to a malicious website, no
matter who posts it. If said URL is obfuscated with tinyurl or similar, I
only have the option of trusting the poster.
More information about the Python-list