Comment 4 for bug 1385564

Aaron Wells (u-aaronw) wrote : Re: Can illegally access pages that contain a secret url by normal url

After discussing this with Hugh, we decided on the following changes that should be made to improve the security of Secret URLs:

1. As Robert suggested, clear the access cookies when a user logs out. Users probably expect this to happen.

2. When an unauthenticated user accesses a secret URL, make the access cookie expire after 1 hour (or some other reasonable span).

I also considered but rejected these ideas:

1. Clear the access cookie when you log in. I rejected this because it breaks Use case 3 in my previous comment.

2. Do a 301 redirect to the page's real URL immediately upon accessing it by its secret URL. This would prevent the secret URL from being stored in the browser history (in most modern browsers). But on further consideration, I think this would detract too much from usability. For instance, there's the legitimate use-case where a user clicks on a secret URL link in an email, and then bookmarks the page while looking at it. If we had 301'ed them to the page's real URL, then their bookmark would not contain the access token, and it would give them "Access Denied" when they tried to use it.
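The two accepted changes and the rejected login-time clearing, modelled as a small in-memory simulation. This is an added example, not code from the bug report or from the project's codebase; the page ids, usernames, function names and the `secrets.token_urlsafe` token scheme are assumptions made for illustration. The clock is passed in explicitly so the 1-hour expiry can be exercised without waiting.

```python
import secrets

ACCESS_COOKIE_TTL = 3600  # seconds; the "1 hour (or some other reasonable span)"

# Constructed sample data (hypothetical): page id -> owner username
PAGES = {"page-42": "alice"}
# Secret URL tokens issued for pages: token -> page id
SECRET_URLS = {}


def create_secret_url(page_id):
    """Mint a random, unguessable token that grants access to page_id."""
    token = secrets.token_urlsafe(24)
    SECRET_URLS[token] = page_id
    return token


class Session:
    """Browser-side state: who is logged in, plus the access cookies held."""

    def __init__(self):
        self.user = None            # None means unauthenticated
        self.access_cookies = {}    # page_id -> expiry time (None = until logout)


def visit_secret_url(session, token, now):
    """Request the page by its secret URL.

    A valid token grants an access cookie. Accepted change 2: when the visitor
    is unauthenticated the cookie carries an expiry of now + ACCESS_COOKIE_TTL;
    a logged-in user's cookie lasts until logout.
    """
    page_id = SECRET_URLS.get(token)
    if page_id is None:
        return "Access Denied"
    expiry = None if session.user else now + ACCESS_COOKIE_TTL
    session.access_cookies[page_id] = expiry
    return f"OK {page_id}"


def visit_normal_url(session, page_id, now):
    """Request the page by its normal URL.

    Allowed for the owner, or for a holder of an unexpired access cookie.
    An expired cookie is discarded and the request is denied.
    """
    if page_id not in PAGES:
        return "Access Denied"
    if session.user == PAGES[page_id]:
        return f"OK {page_id}"
    if page_id not in session.access_cookies:
        return "Access Denied"
    expiry = session.access_cookies[page_id]
    if expiry is not None and now >= expiry:
        del session.access_cookies[page_id]
        return "Access Denied"
    return f"OK {page_id}"


def login(session, username):
    """Rejected idea 1 is NOT applied: logging in keeps the access cookies,
    so a visitor who arrived via a secret URL and then logs in retains access."""
    session.user = username


def logout(session):
    """Accepted change 1: logging out clears every access cookie."""
    session.user = None
    session.access_cookies.clear()


if __name__ == "__main__":
    s = Session()
    tok = create_secret_url("page-42")
    print(visit_secret_url(s, tok, now=0))                      # OK page-42
    print(visit_normal_url(s, "page-42", now=10))               # OK page-42
    print(visit_normal_url(s, "page-42", now=ACCESS_COOKIE_TTL))  # Access Denied
```

Because the cookie is keyed by page id rather than by the token, the normal URL works for the hour the cookie lives, which is exactly the window the original report complained about; the expiry and the logout clearing bound that window rather than close it.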