[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Barring access to Netscape



> The field is User-Agent. However, blocking access to users of Navigator 
> isn't a particularly useful thing to do. If you must do something, why 
> not modify your GET handler to add a header to the start of all html 
> pages informing people of the problem, and suggesting alternatives. 

	I haven't modified my GET, but at the top of all the standard
c2.org web pages (http://www.c2.org/) if you are using pre-1.12
netscape, it barfs at you with a nasty message. I plan on adding a
line for all netscape browsers, with a link to Lance's page, once it
is ready. (Maybe it is ready now, I just haven't looked yet.)

> 
> Someone else [I can't remember, but I'll call them Alice] claimed that the
> security problems showing up were part of a deliberate conspiracy.  To
> anyone who knows anything about the history of these things knows how
> absurd this is. The principals at Netscape are a nice bunch of really
> guys, but were not really up to speed on issues like security and
> networking- for example, the first incarnation of SSL had an RC4 stream
> running with no checksumming whatsoever. The security problems that
> resulted are due to the learning curve.
> 
> Simon
> 


-- 
sameer						Voice:   510-601-9777
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		[email protected]