1996-04-04 - Re: Netscape 2.01 fixes server vulnerabilities by breaking the client…

Header Data

From: Phil Karlton <karlton@netscape.com>
To: Rich Graves <llurch@networking.stanford.edu>
Message Hash: 0d97b416b3572f25e2da57ad2e81c5bb71ee33380f87932d0913c2463c50dc8c
Message ID: <31633ABF.4487@netscape.com>
Reply To: <315C8FCB.2781@netscape.com>
UTC Datetime: 1996-04-04 11:46:22 UTC
Raw Date: Thu, 4 Apr 1996 19:46:22 +0800

Raw message

From: Phil Karlton <karlton@netscape.com>
Date: Thu, 4 Apr 1996 19:46:22 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Netscape 2.01 fixes server vulnerabilities by breaking the client...
In-Reply-To: <315C8FCB.2781@netscape.com>
Message-ID: <31633ABF.4487@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves wrote:

> How about limiting URLs on non-blessed ports to, say, 64 alphanumeric
> characters? I'm sure the documentation writers and technical support
> folks would hate you, but it should address these concerns.

This is not good enough. Many people, feeling secure on their side of a
firewall, put proprietary information in their .plan files. Since
the Navigator is running inside that firewall, we can't give access to
that data to sources coming from outside the firewall. Given the many
ways to construct a URL, the safest was to prevent any access to the
finger port (along with a number of others).

PK
--
Philip L. Karlton		karlton@netscape.com
Principal Curmudgeon		http://home.netscape.com/people/karlton
Netscape Communications

     They that can give up essential liberty to obtain a little
     temporary safety deserve neither liberty nor safety.
		- Benjamin Franklin
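
Added example (not part of the original message, and not Netscape's code): a Python illustration of the reasoning in the reply above, in which a rule on the shape of the URL accepts every sample while a check on the resolved destination port rejects the finger port however the URL is written. Only the finger port (79) comes from the message; the deny set, the default-port table, the host names and the reading of the 64-character proposal are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: only finger (79) comes from the message; the deny set and
# the default-port table are illustrative, not Netscape's actual list.
DENIED_PORTS = {79}
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21, "gopher": 70}


def effective_port(url):
    """Return the TCP port a client would connect to, or None if unknown."""
    parts = urlsplit(url)          # lower-cases the scheme for us
    try:
        port = parts.port          # int, or None when the URL names no port
    except ValueError:             # non-numeric or out-of-range port
        return None
    if port is None:
        port = DEFAULT_PORTS.get(parts.scheme)
    return port


def port_allowed(url):
    """Deny by destination; fail closed when the port cannot be determined."""
    port = effective_port(url)
    return port is not None and port not in DENIED_PORTS


def short_alnum_path(url, limit=64):
    """Hypothetical reading of the quoted proposal: path of <= 64 alphanumerics."""
    path = urlsplit(url).path.lstrip("/")
    return len(path) <= limit and (path == "" or path.isalnum())


# Constructed sample URLs; host.example is a placeholder host.
SAMPLES = [
    "http://host.example/docs",          # default port 80
    "http://host.example:79/alice",      # explicit finger port
    "HTTP://host.example:0079/alice",    # upper-case scheme, zero-padded port
    "http://user@host.example:79/",      # userinfo in front of the host
    "http://[::1]:79/alice",             # IPv6 literal
    "http://host.example:79x/",          # malformed port, denied (fail closed)
]


def evaluate(samples=SAMPLES):
    """Return (url, passes shape rule, passes port rule) for each sample."""
    return [(u, short_alnum_path(u), port_allowed(u)) for u in samples]


if __name__ == "__main__":
    for url, shape_ok, dest_ok in evaluate():
        print(f"{url:34} shape-rule={shape_ok!s:5} port-rule={dest_ok}")
```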




