On 23/06/2010 8:20 p.m., Paul Querna wrote:
4) How is it a "completely unreasonable violation" of privacy to show request urls to a public website, with zero private content or anything even remotely sensitive, and associate that with an IP address? IP address X was looking up how to configure Hadoop... and that harms someone how? We aren't a search engine, we don't host anything that is embarrassing or private on the public server-status pages.
So if an attacker sees your company researching patches for a particular vulnerability reported on apache.org, that wouldn't be useful to them?
I don't know what hellhole you live in where companies casually broadcasting your every interaction with them is considered acceptable.
Nicholas Sherlock
