gopher and similar holes caused by writing to URL-specified ports
Keith Moore <moore@cs.utk.edu>
Message-id: <9308131755.AA07156@thud.cs.utk.edu>
To: www-talk@nxoc01.cern.ch
Subject: gopher and similar holes caused by writing to URL-specified ports
Cc: moore@cs.utk.edu
From: Keith Moore <moore@cs.utk.edu>
Date: Fri, 13 Aug 1993 13:55:51 -0400
Sender: moore@cs.utk.edu
Status: RO
Given that gopher servers already exist on many random ports, it seems like
simply restricting ports isn't quite the right solution.
I realize this is somewhat up to the gopher guys, but how about declaring
that: any gopher URL that (a) specifies a port other than the "standard"
gopher port, and (b) includes a newline, is not valid?
Do gopher servers really (in practice) accept newlines in query strings?
Keith