Any thoughts on exec: URL?

marca@ncsa.uiuc.edu (Marc Andreessen)

Mail folder: WWW Talk Jan-Mar 1993 Archives
Next message: Willem van Leeuwen: "anonymous ftp and xmosaic"
Previous message: Rik Harris: "Re: Any thoughts on exec: URL? "
In-reply-to: joe@athena.mit.edu: "Any thoughts on exec: URL?"
References: joe@athena.mit.edu: "Any thoughts on exec: URL?"

Date: Tue, 9 Mar 93 00:41:54 -0800
From: marca@ncsa.uiuc.edu (Marc Andreessen)
Message-id: <9303090841.AA20114@wintermute.ncsa.uiuc.edu>
To: joe@athena.mit.edu
Cc: tk-WWW@athena.mit.edu, www-talk@nxoc01.cern.ch
Subject: Any thoughts on exec: URL?
In-reply-to: <9303081437.AA21416@theodore-sturgeon>
References: <9303081437.AA21416@theodore-sturgeon>
X-Md4-Signature: 1cec6b1d136a55b4c5a19952b85a762d

joe@athena.mit.edu writes:
> Any thoughts?  In particular, are there any security problems won't be
> fixed by asking the user whether or not to execute the command before
> doing so?

It's a mammoth security problem in general, don't you think?  Asking
the user whether or not to execute a command absolves you of
responsibility for the results, but the results could still be
catastrophic.

Cheers,
Marc

--
Marc Andreessen
Software Development Group
National Center for Supercomputing Applications
marca@ncsa.uiuc.edu