Re: [OT] nested while - how to go to the beginning of the first while?

From: Stephen Hildrey <steve@xxxxxxxxxxxxx>
Date: Wed, 06 Jul 2005 09:15:36 +0000

S.Tobias wrote:

This is the first time I hear about it. What is the difference in terms of security between different URLs, be they short or long? Except that posting tinyurls is not a good idea in itself, the only problem I can see is that tinyurl.com might be hijacked, but so might any other homepage.

tinyurl.com is a "URL shortening" service - you give it a long, unwieldy URL and it will "convert" it to a shorter one beginning with "http://tinyurl.com/";.

When you request the tinyurl.com URL, your browser receives and follows an HTTP 302 redirect to the original, longer URL. Because there is no "are you sure you want to visit long_url?" confirmation, you're effectively clicking blind links.

Other "URL shortening" services acknowledge this problem and insert a time delay or confirmation before redirecting the client (though I can't think of them off the top of my head).

To James: the .htm should be of no reassurance - browsers will interpret content based on the HTTP Content-type header they receive, not based on file extension.

Steve
.

Follow-Ups:
- Re: [OT] nested while - how to go to the beginning of the first while?
  - From: CBFalconer

References:
- Re: nested while - how to go to the beginning of the first while?
  - From: jdallen2000
- Re: nested while - how to go to the beginning of the first while?
  - From: Lawrence Kirby
- Re: nested while - how to go to the beginning of the first while?
  - From: James Dow Allen
- Re: nested while - how to go to the beginning of the first while?
  - From: CBFalconer
- Re: nested while - how to go to the beginning of the first while?
  - From: James Dow Allen
- Re: [OT] nested while - how to go to the beginning of the first while?
  - From: S.Tobias

Prev by Date: Re: If forget to fclose() after fopen(), is there any testing tool who can detect it automatically?
Next by Date: Re: will the memory allocated by malloc get released when program exits?
Previous by thread: Re: [OT] nested while - how to go to the beginning of the first while?
Next by thread: Re: [OT] nested while - how to go to the beginning of the first while?
Index(es):
- Date
- Thread

Relevant Pages

Re: [PHP] Forms and destroying values
... The trick, as I learned from this list, is to send a redirect to the browser to a confirmation page, so the browser remembers the page redirected to and completely ignores the page that made the redirection so that neither a refresh nor going back to it can repeat the operation. ... So, if the database update has been succesful, use the headerfunction to send a 'location' header along with enough arguments in the URL to display a significant confirmation message but make sure that it is different from the URL that makes the database update. ...
(php.general)
Re: Post with redirect?
... browser would do? ... Background reading: ... a 307 redirect could work. ... it also requires confirmation from the users. ...
(comp.lang.php)
Re: Forms Based Authentication and the OpenWave Browsers
... Try taking this redirect out of the try...catch; ... > Authentication in cookie enabled WAP browsers. ... > Samsung Browser, Forms Authentication and RedirectFromLoginPage - This is ... > Open Wave Browser and Cookies - While regression testing my new change, ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: ASP and NTFS
... then the browser needs to send the appropriate credentials in ... >If the browsers are Internet Explorer, and the user places the site into ... >Internet Explorer May Prompt You for a Password ... >> be able to redirect with the user name and password they already ...
(microsoft.public.inetserver.iis.security)
Re: Redirection using .htaccess
... |>|>address bar of the browser is getting changed to the new url. ... |>|If a browser redirect is involved, what the browser chooses to display ... |>To stop the URL in the address bar from changing do not set the R flag ...
(php.general)