Re: Netscape 2.01 fixes server vulnerabilities by breaking the client...



Rich Graves wrote:

> How about limiting URLs on non-blessed ports to, say, 64 alphanumeric
> characters? I'm sure the documentation writers and technical support
> folks would hate you, but it should address these concerns.

This is not good enough. Many people, feeling secure on their side of a
firewall, put proprietary information in their .plan files. Since
the Navigator is running inside that firewall, we can't give access to
that data to sources coming from outside the firewall. Given the many
ways to construct a URL, the safest was to prevent any access to the
finger port (along with a number of others).

PK
--
Philip L. Karlton		[email protected]
Principal Curmudgeon		http://home.netscape.com/people/karlton
Netscape Communications

     They that can give up essential liberty to obtain a little
     temporary safety deserve neither liberty nor safety.
		- Benjamin Franklin
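
The two policies discussed in this message, compared side by side as an added example (not part of the original e-mail and not Netscape's code). Host names, function names and the sample URLs are constructed; port 79 is the standard finger port, and the "number of others" the message mentions are not listed on the page, so they are left out. "Blessed port" is assumed here to mean the scheme's default port.

```javascript
// Added illustration: URL length/charset limit vs. port blocklist.
const BLOCKED_PORTS = new Set([79]); // 79 = finger; other blocked ports not given on the page
const DEFAULT_PORTS = { "http:": 80, "https:": 443, "ftp:": 21 };

// Port the client would actually connect to, whatever the scheme says.
function effectivePort(url) {
  const u = new URL(url);
  if (u.port !== "") return Number(u.port);
  return DEFAULT_PORTS[u.protocol] ?? null;
}

// Quoted proposal: on a non-default port, allow at most 64 alphanumeric characters.
function lengthPolicyAllows(url) {
  const u = new URL(url);
  if (u.port === "") return true; // default ("blessed") port: no restriction
  const rest = u.pathname.slice(1) + u.search;
  return /^[A-Za-z0-9]{0,64}$/.test(rest);
}

// Reply's approach: refuse the connection based on the destination port alone.
function portPolicyAllows(url) {
  return !BLOCKED_PORTS.has(effectivePort(url));
}

// Constructed sample URLs.
const SAMPLES = [
  "http://inside.example:79/alice",                     // short and alphanumeric, finger port
  "ftp://inside.example:79/alice",                      // same port via another scheme
  "http://inside.example:8080/docs/install-guide.html", // ordinary page on a non-default port
  "http://inside.example/index.html",                   // default port
];

function compare(urls) {
  return urls.map((url) => ({
    url,
    lengthPolicy: lengthPolicyAllows(url),
    portPolicy: portPolicyAllows(url),
  }));
}

for (const row of compare(SAMPLES)) {
  console.log(row.url, "length:", row.lengthPolicy, "port:", row.portPolicy);
}
```

The length limit lets both port-79 URLs through while rejecting the ordinary documentation URL on port 8080; the port check does the opposite.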