July 19, 2004

GMail inbox URIs showing up in HTTP referrer headers

Oh, this is interesting. When I was browsing Dare's comments area on his blog that avoided deciding whether XmlTextReader is or is not compliant with the spec (or behaving merely 'by design'), I noticed a bunch of wacky URIs like these:

  • http://gmail.google.com/gmail?view=cv&search=cat&cat=Mono-devel-list&th=fdc3c2ea6e52696&zx=e20c659d877b0e4e1611868589 [Referral]

  • http://gmail.google.com/gmail?view=cv&search=cat&cat=mono&th=fdc40f131e1b3cf&zx=9937ac711a81292a1129829958 [Referral]

This doesn't look limited to GMail, but I'm curious about whether there are Web apps that approach security through obscurity and are getting exposed because of it.
