From: Phil Karlton <karlton@netscape.com>
To: Rich Graves <llurch@networking.stanford.edu>
Message Hash: 0d97b416b3572f25e2da57ad2e81c5bb71ee33380f87932d0913c2463c50dc8c
Message ID: <31633ABF.4487@netscape.com>
Reply To: <315C8FCB.2781@netscape.com>
UTC Datetime: 1996-04-04 11:46:22 UTC
Raw Date: Thu, 4 Apr 1996 19:46:22 +0800
Subject: Re: Netscape 2.01 fixes server vulnerabilities by breaking the client...
Rich Graves wrote:
> How about limiting URLs on non-blessed ports to, say, 64 alphanumeric
> characters? I'm sure the documentation writers and technical support
> folks would hate you, but it should address these concerns.
This is not good enough. Many people, feeling secure on their side of a
firewall, put proprietary information in their .plan files. Since the
Navigator is running inside that firewall, we can't give access to
that data to sources coming from outside the firewall. Given the many
ways to construct a URL, the safest was to prevent any access to the
finger port (along with a number of others).
PK
--
Philip L. Karlton karlton@netscape.com
Principal Curmudgeon http://home.netscape.com/people/karlton
Netscape Communications
They that can give up essential liberty to obtain a little
temporary safety deserve neither liberty nor safety.
- Benjamin Franklin
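
Added example, not part of the original message and not Netscape's code: the length-limit proposal quoted above compared with the port block the reply describes, run over constructed URLs. The blessed-port set (80, 443), the host name and the function names are assumptions; 79 is the standard finger port, and the other blocked ports are not listed in the message.

```javascript
// Illustration only: policy names, blessed ports and sample URLs are assumptions.
const DEFAULT_PORTS = { "http:": 80, "https:": 443 };
const BLESSED_PORTS = new Set([80, 443]); // assumed meaning of "blessed"
const BLOCKED_PORTS = new Set([79]);      // finger; the message names no others

// Resolve the port the client would actually connect to. Working from the
// parsed URL (not the raw string) normalizes forms such as ":0079".
function effectivePort(url) {
  return url.port !== "" ? Number(url.port) : DEFAULT_PORTS[url.protocol];
}

// Quoted proposal: on non-blessed ports, allow only URLs whose remainder
// is at most 64 alphanumeric characters.
function lengthLimitPolicy(raw) {
  const url = new URL(raw);
  if (BLESSED_PORTS.has(effectivePort(url))) return true;
  const rest = (url.pathname + url.search).replace(/^\//, "");
  return /^[A-Za-z0-9]{0,64}$/.test(rest);
}

// Reply's approach: refuse the port outright, whatever the URL looks like.
function portBlockPolicy(raw) {
  return !BLOCKED_PORTS.has(effectivePort(new URL(raw)));
}

// Constructed sample URLs.
const SAMPLES = [
  "http://intranet.example/index.html",              // blessed port
  "http://intranet.example:79/karlton",              // short, alphanumeric
  "http://intranet.example:0079/karlton",            // same port, other spelling
  "http://intranet.example:8080/cgi-bin/report?id=7" // legitimate, not alphanumeric
];

function compare(urls) {
  return urls.map((u) => ({
    url: u,
    lengthLimit: lengthLimitPolicy(u),
    portBlock: portBlockPolicy(u),
  }));
}

console.table(compare(SAMPLES));
```

The length limit lets the short alphanumeric request to port 79 through while rejecting the ordinary URL on port 8080; the port block does the reverse.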