Chris's Wiki :: blog/web/AnalyticsVsSecurity Commentshttps://utcc.utoronto.ca/~cks/space/blog/web/AnalyticsVsSecurity?atomcommentsDWiki2010-03-22T18:29:13ZRecent comments in Chris's Wiki :: blog/web/AnalyticsVsSecurity.By Chris Siebenmann on /blog/web/AnalyticsVsSecuritytag:CSpace:blog/web/AnalyticsVsSecurity:d7250901e9b795b78f9d9f4074888bb8d75d8b1bChris Siebenmann<div class="wikitext"><p>I don't specifically know of anything besides my own code, but I haven't
particularly been looking for examples. I'd like to hope that I'm not the
only cautious and conservative person in the world, but maybe I am.</p>
<p>(<a href="https://utcc.utoronto.ca/~cks/space/blog/web/PermissiveWebApps">PermissiveWebApps</a> covers why I think the conservative approach is the
right one, or at least was until people started exploiting the situation
to add extra information to requests.)</p>
</div>2010-03-22T18:29:13ZFrom 203.206.20.233 on /blog/web/AnalyticsVsSecuritytag:CSpace:blog/web/AnalyticsVsSecurity:24a9406de0aafb18a12ec943dd3e2abbbb0054d4From 203.206.20.233<div class="wikitext"><p>It's a reasonably safe assumption that random websites ignore unknown GET parameters. What examples of sites beyond your own don't?</p>
</div>2010-03-20T12:24:09Z