[53216] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: Netscape 2.01 fixes server vulnerabilities by breaking the client...

daemon@ATHENA.MIT.EDU (Tom Weinstein)
Thu Apr 4 01:31:22 1996

Date: Wed, 03 Apr 1996 21:59:05 -0800
From: Tom Weinstein <tomw@netscape.com>
To: cypherpunks@toad.com
Cc: Phil Karlton <karlton@netscape.com>

Phil Karlton wrote:
> Rich Graves wrote:
> 
> > How about limiting URLs on non-blessed ports to, say, 64
> > alphanumeric characters? I'm sure the documentation writers and
> > technical support folks would hate you, but it should address these
> > concerns.
> 
> This is not good enough. Many people, feeling secure on their side of
> a firewall, put proprietary information in their .plan files. Since
> the the Navigator is running inside that firewall, we can't give
> access to that data to sources coming from outside the firewall. Given
> the many ways to construct a URL, the safest was to prevent any access
> to the finger port (along with a number of others).

Of course, this isn't really a good reason because there's no way to
get the information back out to the other side of the firewall.

As a matter of fact, limiting URLs as Rich suggests might in fact be
good enough.  It's one of the possibilities we'll be looking at for
reenabling finger and whois.

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | tomw@netscape.com

home help back first fref pref prev next nref lref last post