From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 1 Dec 1995 16:59:25 +0800
To: Ed Carp <ecarp@netcom.com>
Subject: Re: Barring access to Netscape
In-Reply-To: <199512010738.BAA17804@khijol>
Message-ID: <Pine.SOL.3.91.951201002746.2186B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 1 Dec 1995, Ed Carp wrote:

> I believe that Netscape uses "Mozilla" as their keyword when 
> exchanging browser-specific information.

The field is User-Agent. However, blocking access to users of Navigator 
isn't a particularly useful thing to do. If you must do something, why 
not modify your GET handler to add a header to the start of all html 
pages informing people of the problem, and suggesting alternatives. 

Someone else [I can't remember, but I'll call them Alice] claimed that the
security problems showing up were part of a deliberate conspiracy.  To
anyone who knows anything about the history of these things knows how
absurd this is. The principals at Netscape are a nice bunch of really
guys, but were not really up to speed on issues like security and
networking- for example, the first incarnation of SSL had an RC4 stream
running with no checksumming whatsoever. The security problems that
resulted are due to the learning curve.

Simon