Since the "community" is not private, but open to the entire world, I often crosspost stuff I do here on the CISSPforum. The community generates/creates/uses rather huge URLs, and they don't work well with the text-only (but safe and secure) mailer that I use. Sometimes I use Twitter to fix this, by posting a link to my piece, originally on the "community," over there, which turns something like:
At times I have deliberately chosen a short subject title. I've even found that you can re-edit the subject title and get a new, shorter URL, which I did with the "CISSP questions" topic: it originally had a longer title, with punctuation in it, but is now a "mailing manageable"
Twitter, you see, doesn't seem to use, or even care about, the account name that comes before the "status" part of the URL; it just looks at the numeric designator at the end of the URL. I can make up any account name I want, and get exactly the same tweet:
For those of us who use "subscriptions," this "part-post and then edit" can be annoying, as we get all the versions as they are posted, but I suppose that will only be an issue if they ever get the subscription bug fixed.
OK, so, other than the fact that this is about how the "community" system does URLs, why did I post this? There are three security-related points to make. (All of which are by way of saying the same thing in different ways.)
First: integrity. Make the URL show what it is supposed to do. Everybody uses URL shorteners, but those of us in security are, at least, a little embarrassed about doing it.
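To make that point (and the account-name behaviour described above) concrete, here is a small added example; it is not code from the original post or from the community platform. It extracts the only part of a status URL the service actually keys on (the numeric designator, as the post observes), compares the account name the URL displays against who you believe posted the status, and strips query components that do nothing. The account names, the status id and the list of extraneous parameter keys are assumptions made up for the example.

```python
from urllib.parse import urlparse, urlunparse, parse_qsl, urlencode

# Query-string keys that change nothing about which resource is served.
# This set is an assumption for the example, not something the post lists.
EXTRANEOUS_PARAMS = {"utm_source", "utm_medium", "utm_campaign", "ref", "s", "t"}


def tweet_id(url):
    """Return the numeric status id from an <account>/status/<id> path, else None.

    The post observes that the service keys on this number alone, so it is
    the only part of the path a reader can actually trust.
    """
    parts = urlparse(url).path.strip("/").split("/")
    if len(parts) == 3 and parts[1] == "status" and parts[2].isdigit():
        return parts[2]
    return None


def claimed_account(url):
    """Return the account name the URL displays (which the service ignores)."""
    if tweet_id(url) is None:
        return None
    return urlparse(url).path.strip("/").split("/")[0]


def same_tweet(url_a, url_b):
    """True when both URLs resolve to the same status, whatever name they show."""
    a, b = tweet_id(url_a), tweet_id(url_b)
    return a is not None and a == b


def account_mismatch(url, account_you_expect):
    """Integrity check the reader has to do themselves.

    The name in the path is not verified by the service, so compare it against
    who you believe posted the status (from the link text, the mail it arrived
    in, or the person who sent it).
    """
    shown = claimed_account(url)
    return shown is not None and shown.lower() != account_you_expect.lower()


def strip_extraneous(url):
    """Reduce a URL to the parts that do something: scheme, host, path, and
    any query keys that are not known tracking noise. Fragment is dropped."""
    p = urlparse(url)
    kept = [(k, v) for k, v in parse_qsl(p.query, keep_blank_values=True)
            if k not in EXTRANEOUS_PARAMS]
    return urlunparse((p.scheme, p.netloc, p.path, "", urlencode(kept), ""))


if __name__ == "__main__":
    # Constructed sample URLs for the example; names and id are made up.
    real = "https://twitter.com/alice/status/1234567890"
    spoofed = ("https://twitter.com/some_vendor_you_trust/status/1234567890"
               "?utm_source=mail&s=20")
    print(tweet_id(spoofed))                    # 1234567890
    print(same_tweet(real, spoofed))            # True
    print(account_mismatch(spoofed, "alice"))   # True
    print(strip_extraneous(spoofed))            # https://twitter.com/some_vendor_you_trust/status/1234567890
```

The check in `account_mismatch` is deliberately the reader's job: because the service never validates the name, a link that says `some_vendor_you_trust` in its path is exactly as valid as one that says `alice`, and only the numeric id tells you what you will actually land on.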
Second: complexity is the enemy of security. Why have extraneous stuff in a URL that doesn't do anything? There is always the chance that someone will come along and make it do something, and, very likely, something untoward. For example, I can create a perfectly usable URL that says: