[53216] in Cypherpunks
Re: Netscape 2.01 fixes server vulnerabilities by breaking the client...
daemon@ATHENA.MIT.EDU (Tom Weinstein)
Thu Apr 4 01:31:22 1996
Date: Wed, 03 Apr 1996 21:59:05 -0800
From: Tom Weinstein <tomw@netscape.com>
To: cypherpunks@toad.com
Cc: Phil Karlton <karlton@netscape.com>
Phil Karlton wrote:
> Rich Graves wrote:
>
> > How about limiting URLs on non-blessed ports to, say, 64
> > alphanumeric characters? I'm sure the documentation writers and
> > technical support folks would hate you, but it should address these
> > concerns.
>
> This is not good enough. Many people, feeling secure on their side of
> a firewall, put proprietary information in their .plan files. Since
> the the Navigator is running inside that firewall, we can't give
> access to that data to sources coming from outside the firewall. Given
> the many ways to construct a URL, the safest was to prevent any access
> to the finger port (along with a number of others).
Of course, this isn't really a good reason because there's no way to
get the information back out to the other side of the firewall.
As a matter of fact, limiting URLs as Rich suggests might in fact be
good enough. It's one of the possibilities we'll be looking at for
reenabling finger and whois.
--
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything. -- Washington DC motto | tomw@netscape.com