Outline for November 5, 2003

Reading: Chapters 14.1-14.4, 14.6

Discussion Problem

A web site has a form that asks for your mailing address, and sends some information to the address you give it. Recently, an attacker was able to download the web server's logs, containing the user names, IP addresses, and file names that other users accessed. The attacker is known only to have accessed the form on the web page.

  1. How do you think the attacker read the log files?
  2. The site fixed that particular bug, but has since become nervous about people using the site to launch denial-of-service attacks on others. Could you use the web form to do this? If so, what could the site do to prevent this?

Outline for the Day

  1. Identity
    1. Principal and identity
    2. Users, groups, roles
    3. Identity on the web
    4. Host identity: static and dynamic identifiers
    5. State and cookies
    6. Anonymous remailers: pseudonymous, type 1 (cypherpunk) and type 2 (mixmaster)
