7. Security Considerations

7.1. Reliability and Consistency

The reliability of URIs depends on the intent and implementation of the resource owner.

7.2. Malicious Construction

Attackers may construct malicious URIs to:

  • Exploit parser vulnerabilities
  • Bypass security checks
  • Execute injection attacks

7.3. Back-End Transcoding

Character encoding conversions may introduce security vulnerabilities.

7.4. Rare IP Address Formats

Certain IP address formats may be used for spoofing.

7.5. Sensitive Information

Warning: Do not include sensitive information (such as passwords) in URIs, because:

  • URIs may be logged
  • URIs may appear in referrer headers
  • URIs may be cached

7.6. Semantic Attacks

Visually similar characters may be used to deceive users.

Examples:

  • Cyrillic "а" looks like Latin "a"
  • example.com vs examp1e.com (l vs 1)
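
The lookalike check that 7.6 motivates, as an added example that is not part of the original page: it flags host labels that mix scripts and hosts whose confusable-folded form equals a trusted name. The `CONFUSABLES` map, the function names and the trusted list are assumptions constructed for this illustration.

```python
import unicodedata

# Constructed, deliberately small confusables map (assumption for this example).
# Production code would load Unicode's confusables.txt (UTS #39) instead.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o",
               "\u0440": "p", "\u0441": "c", "1": "l", "0": "o"}

def to_unicode(host):
    """Lower-case the host and decode any Punycode (xn--) labels."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def scripts(label):
    """Scripts used by the letters of one label (first word of the Unicode name)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def skeleton(host):
    """Fold confusable characters to one representative, for comparison only."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)

def check_host(host, trusted):
    """Return findings for `host` checked against an allow-list of trusted hosts."""
    host = to_unicode(host)
    findings = []
    for label in host.split("."):
        used = scripts(label)
        if len(used) > 1:  # e.g. Latin letters with one Cyrillic letter mixed in
            findings.append(f"mixed-script label {label!r}: {sorted(used)}")
    for good in trusted:
        # Same skeleton but different code points: visually confusable host
        if host != good and skeleton(host) == skeleton(good):
            findings.append(f"lookalike of {good}")
    return findings

if __name__ == "__main__":
    TRUSTED = ["example.com"]  # constructed allow-list
    for h in ["example.com", "examp1e.com", "ex\u0430mple.com"]:
        print(ascii(h), check_host(h, TRUSTED))
```

A label written entirely in one non-Latin script is not reported as mixed-script; it is caught only when its skeleton matches an entry in the trusted list.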