NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.
All the Perl that's Practical to Extract and Report
use Perl Log In
chromatic (983)
chromatic
(email not shown publicly)
http://wgz.org/chromatic/
(email not shown publicly)
http://wgz.org/chromatic/
Blog Information [technorati.com]
Profile for chr0matic [technorati.com]
Monday June 16, 2003
09:42 PM
On Improving a Protocol
Everybody knows it, but nobody wants to admit that HTTP is a completely broken protocol. Anybody in the world can initiate a connection with your web server and request absolutely any file or path that you may or may not have available. If you've run a web site for any amount of time, surely you've seen worm tracks and fake referrers in your logs.
You really can't fix HTTP it's beyond repair. I'm sick of being told "just ignore malformed requests and broken links". The real solution is to throw out HTTP completely and rewrite it from scratch to keep in mind authentication, authorization, and security.
That might take a while though, so here are some other ideas that will tide us over.
- Require a token micropayment from everyone who requests a page. After you review the request and decide it's legitimate, you can refund the payment.
- Require an authorization step, where any incoming connection immediately receives a challenge. This could be performing a small-but-significant mathematical operation or it could be a manual response step. Anyone who performs this step successfully will be added to a whitelist and never challenged again. Of course, you can add people to the whitelist if you have regular traffic from friends or family.
- Maintain a list of filters that deny requests that conform to certain parameters. Some people prefer to reject requests that are obvious forgeries requests that match Code Red, for example. Other people are more aggressive, subscribing to services that publish the IP addresses of known bad Internet citizens.
I think it's time we got serious about the Internet.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
--Larry Wall in stab.c from the perl source code
Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.
Interesting suggestions ... (Score:3, Interesting)
I would imagine that it the "pull" nature of HTTP - as opposed to the "push" nature of SMTP - which differentiates these services, but would like to hear your perspective and thoughts on this.
Reply to This
Re:Interesting suggestions ... (Score:3, Funny)
Good satire is hard to write. I blame Piers [perl.org] for bringing up Jonathan Swift tonight.
Gut reaction (Score:3, Interesting)
Then again, that is just a quick reaction without any thought what so ever.
I'll go cogitate on this.
Reply to This
:-D (Score:5, Insightful)
I just wanted to add that HTTP is actually my favourite protocol. It's got everything you need for just about any type of communication:
Now why can't SMTP be more like HTTP?
Reply to This