Outline for November 5, 2003
Reading: Chapters 14.1-14.4, 14.6
A web site has a form that asks for your mailing address, and sends
some information to the address you give it. Recently, an attacker
was able to download the web server's logs, containing the user
names, IP addresses, and file names that other users accessed. The
attacker is known only to have accessed the form on the web page.
- How do you think the attacker read the log files?
- The site fixed that particular bug, but has since become nervous
about people launching denial of service attacks on others through
them. Could you use the web form to do this? If so, what could the
site do to prevent this?
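One design that is consistent with the scenario, as an added example that is not from the original page: the form takes an e-mail address (an assumption; the page only says "mailing address") and the server-side script spliced that address into a shell command line for its mail program. A shell metacharacter in the address then runs an attacker-chosen command under the web server's identity, which is enough to read its own logs. The block below shows that splice beside a hardened version (validate the address, pass it as an argument vector with no shell) and a per-client and per-destination quota of the kind that limits abuse of the form as a mail flood. `echo` stands in for the real mail program so the example runs offline; `INFO_FILE`, the quota limits and the sample addresses are constructed for illustration.

```python
import re
import subprocess
from collections import defaultdict

# Constructed stand-in for the information the site mails out.
INFO_FILE = "info.txt"


def build_command_vulnerable(address: str) -> str:
    """Assumed original design: the submitted address is spliced straight
    into a command line. 'echo' replaces the real mailer for this example."""
    return f"echo sending {INFO_FILE} to {address}"


def send_vulnerable(address: str) -> str:
    """Runs the spliced string through /bin/sh, so ';', '|', '`' and friends
    in the address are interpreted as shell syntax, not as data."""
    out = subprocess.run(build_command_vulnerable(address), shell=True,
                         capture_output=True, text=True)
    return out.stdout


# Conservative address syntax: one local part, one domain, no spaces or
# shell metacharacters, and it cannot start with '-' (so it can never be
# taken as an option by the mail program).
ADDRESS_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def validate_address(address: str) -> str:
    """Allow-list check; anything outside the pattern is rejected outright."""
    if not ADDRESS_RE.fullmatch(address):
        raise ValueError("rejected address: %r" % address)
    return address


def send_hardened(address: str) -> str:
    """Validated address passed as one argv element: no shell is involved,
    so the content of the address can only ever be an argument."""
    addr = validate_address(address)
    out = subprocess.run(["echo", "sending", INFO_FILE, "to", addr],
                         capture_output=True, text=True)
    return out.stdout


class Quota:
    """Sliding-window counter: at most `limit` events per key per window."""

    def __init__(self, limit: int, window_seconds: float):
        self.limit = limit
        self.window = window_seconds
        self.events = defaultdict(list)

    def allow(self, key: str, now: float) -> bool:
        recent = [t for t in self.events[key] if now - t < self.window]
        if len(recent) >= self.limit:
            self.events[key] = recent
            return False
        recent.append(now)
        self.events[key] = recent
        return True


# Constructed limits: a client may trigger five mails an hour, and any
# destination receives at most one mail a day through this form.
PER_CLIENT = Quota(limit=5, window_seconds=3600)
PER_DESTINATION = Quota(limit=1, window_seconds=86400)


def handle_request(client_ip: str, address: str, now: float) -> str:
    """Full request path: validate first, then both quotas, then send."""
    addr = validate_address(address)
    if not PER_CLIENT.allow(client_ip, now):
        return "rate limited: client"
    if not PER_DESTINATION.allow(addr, now):
        return "rate limited: destination"
    return send_hardened(addr)


if __name__ == "__main__":
    # Constructed payload: the ';' ends the mail command and starts another.
    print(send_vulnerable("x; echo INJECTED"), end="")
    print(send_hardened("alice@example.com"), end="")
```

The argument vector alone stops the shell injection; the allow-list pattern is still needed because a mail program invoked directly will still parse a leading `-` in its argument as an option. Quotas bound how much mail one requester or one victim can cause, but the check the site should really add is that the destination has to confirm it wants the information before the first mail is sent, since the form's whole purpose is to send mail to an address chosen by someone else.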
Outline for the Day
- Principal and identity
- Users, groups, roles
- Identity on the web
- Host identity: static and dynamic identifiers
- State and cookies
- Anonymous remailers: pseudonymous, type 1 (cypherpunk) and type