Netscape 2.01 fixes server vulnerabilities by breaking the client...
Phil Karlton
karlton at netscape.com
Thu Apr 4 03:46:22 PST 1996
Rich Graves wrote:
> How about limiting URLs on non-blessed ports to, say, 64 alphanumeric
> characters? I'm sure the documentation writers and technical support
> folks would hate you, but it should address these concerns.
This is not good enough. Many people, feeling secure on their side of a
firewall, put proprietary information in their .plan files. Since the
the Navigator is running inside that firewall, we can't give access to
that data to sources coming from outside the firewall. Given the many
ways to construct a URL, the safest was to prevent any access to the
finger port (along with a number of others).
PK
--
Philip L. Karlton karlton at netscape.com
Principal Curmudgeon http://home.netscape.com/people/karlton
Netscape Communications
They that can give up essential liberty to obtain a little
temporary safety deserve neither liberty nor safety.
- Benjamin Franklin
More information about the cypherpunks-legacy
mailing list