Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] detect fake HTTP referrer
- Date: Fri, 18 Jan 2008 08:56:58 +0900
- From: "Stephen J. Turnbull" <stephen@example.com>
- Subject: Re: [tlug] detect fake HTTP referrer
- References: <78d7dd350801160011x2db75b54ofdbffb76d41c5044@mail.gmail.com> <20080116112944.ab6ae181.attila@kinali.ch> <78d7dd350801160622taa0faf3sa072283d59964936@mail.gmail.com> <20080116112603.G63335@isris.pair.com> <87sl0x32p3.fsf@uwakimon.sk.tsukuba.ac.jp> <20080117012834.E63335@isris.pair.com> <878x2o3iv4.fsf@uwakimon.sk.tsukuba.ac.jp> <20080117061725.W63335@isris.pair.com>
Joe Larabell writes: > > > .... That's my bandwidth and, even though I get a certain amount > > > included in my montlhly allottment, it's not a *free* > > > resource. That's theft. > > > > AFAIK it's not. I can understand that you dislike it, but that > > doesn't make it theft. > > IANAL but it seems to me that intentionally using my paid-for ISP account > to serve images for their site without my permission should fall in the > same bracket as someone using another's WiFi access point without their > knowledge. The latter is of very questionable legality and there have been > arrests and fines (I Googled "WiFi theft" to verify that). The analogy breaks down because the anonymous people who download images from your site are doing so with your knowledge and permission. In the WiFi situation, that ain't so. If you want to make sure the references come from your site or people who have your permission to do so, you'd better not put up the content for anonymous download. Consider: you could easily get hosed by a bug in a 'bot (eg, something like "GET /rboots.txt" could cost you a year's worth of bandwidth!) > According to the original cookie spec, all that comes back to the server > on subsequent requests is: Right. I'm beginning to see why you're having such problems with this whole conversation. The *server* must enforce cookie validity. This is not just a matter of protecting itself from ethically-challenged clients. "Never attribute to malice that which can be explained by mere stupidity." You think in terms of burden-sharing, but as "nice" as it sounds in sufficiently abstract theory, as soon as you start thinking about the practical consequences, the economics go wonky. In the same way, the server must enforce any preconditions on downloads. Granted, images consume enough bandwidth that the zurui motivations start to come to the fore, but there are good reasons why servers *should* enforce their desired restrictions, rather than criminalizing impolite client behavior.
- References:
- [tlug] detect fake HTTP referrer
- From: Nguyen Vu Hung
- Re: [tlug] detect fake HTTP referrer
- From: Attila Kinali
- Re: [tlug] detect fake HTTP referrer
- From: Nguyen Vu Hung
- Re: [tlug] detect fake HTTP referrer
- From: Joe Larabell
- Re: [tlug] detect fake HTTP referrer
- From: Stephen J. Turnbull
- Re: [tlug] detect fake HTTP referrer
- From: Joe Larabell
- Re: [tlug] detect fake HTTP referrer
- From: Stephen J. Turnbull
- Re: [tlug] detect fake HTTP referrer
- From: Joe Larabell
- [tlug] detect fake HTTP referrer
- Prev by Date: Re: [tlug] detect fake HTTP referrer
- Next by Date: Re: [tlug] Need Linux PDA recommendations
- Previous by thread: Re: [tlug] detect fake HTTP referrer
- Next by thread: Re: [tlug] detect fake HTTP referrer
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |