Re: WWW Security Hole

Martin Hamilton <M.T.Hamilton@lut.ac.uk>

Mail folder: WWW Talk Jul-Oct 1993
Next message: Bob Stayton: "Re: WWWWW Notes"
Previous message: Tony Sanders: "Re: H1 semantics "
In-reply-to: Marc VanHeyningen: "WWW Security Hole"

Date: Thu, 12 Aug 1993 18:10:52 +0100 (BST)
From: Martin Hamilton <M.T.Hamilton@lut.ac.uk>
Sender: Martin Hamilton <M.T.Hamilton@lut.ac.uk>
Reply-To: Martin Hamilton <M.T.Hamilton@lut.ac.uk>
Subject: Re: WWW Security Hole
To: Marc VanHeyningen <mvanheyn@cs.indiana.edu>
Cc: www-talk@nxoc01.cern.ch, marca@ncsa.uiuc.edu
In-reply-to: <24166.745170240@moose.cs.indiana.edu>
Message-id: <Pine.3.07.9308121851.I16016-9100000@lust>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Status: RO

Marc VanHeyningen said:

> - Is plain gopher sans WWW vulnerable to this same problem?  Do they
>   know about it?  If not, telling them (and also CERT) would be a good idea.

I've just verified this myself.  Oops!!

Idea:

How about patching clients so they have a list of "dodgy ports",
like SMTP, and ask the user whether to carry on if they get given
a URL that points to one?