
Re: (none) [httpd finding your identity]



Jeff Weinstein writes:
>The snoop program is using FTP to find out the user's e-mail
>address.  The image on the page is an ftp: URL.  Our FTP code
>was sending the user's e-mail address as the password for
>anonymous FTP, which is what is usually requested by FTP sites.
>The perl script was waiting for the FTP to happen, and then
>looking at its log to figure out the email address.
>
>  I've removed the code that uses the e-mail address as the
>FTP password for anonymous FTPs.  You can still enter it by
>hand by using a URL of this form 'ftp://[email protected]'.
>This will cause the navigator to prompt the user for the 
>password to send for anonymous.  This is a little known feature
>that will also allow users to access non-anonymous ftp
>accounts via netscape.

Or you can use 'ftp://anonymous:[email protected]/', and
skip the prompt.  Not really less secure (assuming you can prevent
shoulder surfers) as FTP sends the password in the clear, anyway.
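
An added example, not part of the original messages or of any browser's code: a small Python audit that lists the ftp: resources a page would fetch on load and the USER/PASS each fetch would put on the wire in the clear, covering the three URL forms discussed in this thread. The function and class names, the `legacy_email` parameter and the sample hosts and addresses are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# (tag, attribute) pairs fetched on page load, with no click needed.
AUTO_FETCH = {("img", "src"), ("iframe", "src"), ("frame", "src"),
              ("embed", "src"), ("body", "background")}

def ftp_login(url, legacy_email=None):
    """Return the USER/PASS an FTP fetch of url would send, or None if not ftp:."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "ftp":
        return None
    user = unquote(parts.username) if parts.username else "anonymous"
    if parts.password is not None:
        password, source = unquote(parts.password), "url"  # sent without a prompt
    elif parts.username:
        password, source = None, "prompt"  # user@host form: client asks the user
    elif legacy_email:
        # Old behaviour from the post: configured e-mail sent as the password.
        password, source = legacy_email, "configured-email"
    else:
        password, source = None, "client-default"  # value not stated on the page
    return {"host": parts.hostname, "user": user,
            "password": password, "source": source}

class FtpFetchAuditor(HTMLParser):
    def __init__(self, legacy_email=None):
        super().__init__()
        self.legacy_email = legacy_email
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in AUTO_FETCH and value:
                login = ftp_login(value, self.legacy_email)
                if login:
                    self.findings.append((tag, login))

def audit(html, legacy_email=None):
    auditor = FtpFetchAuditor(legacy_email)
    auditor.feed(html)
    return auditor.findings

# Constructed sample page; hosts and addresses are placeholders.
SAMPLE = """<html><body>
<img src="ftp://ftp.example.net/pixel.gif">
<a href="ftp://ftp.example.net/pub/">files</a>
<img src="ftp://anonymous:guest%40example.org@ftp.example.net/x.gif">
</body></html>"""
print(audit(SAMPLE, legacy_email="user@example.com"))
```

The link in the sample is not reported because it needs a click; the two images are, one leaking the configured address and one carrying its password in the URL itself.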