[1609] in WWW Security List Archive
Netscape && FTP sites
daemon@ATHENA.MIT.EDU (Seth I. Rich)
Tue Mar 12 16:04:44 1996
Date: Tue, 12 Mar 1996 13:00:45 -0500
To: www-security@ns2.rutgers.edu
From: "Seth I. Rich" <seth@hygnet.com>
Errors-To: owner-www-security@ns2.rutgers.edu
I was recently looking for documentation on the Netscape site and I found
something which disturbed me a bit. (The Netscape site isn't lynx-friendly,
so I can't search it now for a citation.)
Is it true that, when connecting to an anonymous FTP site, Netscape sends
username anonymous and password "mozilla@<site>"? It was my understanding
(in fact, the FTP sites I maintain say this explicitly) that the password
specified is to be the email address of the person requesting (or submitting)
the data. What I recall reading is that Netscape -always- sends this bogus
address even if the user has entered her real address into the browser's
configuration.
Is this true? Does this seem like a problem to anyone else? Is it patchable?
Seth
---------------------------------------------------------------------------
Seth I. Rich - seth@hygnet.com - (610) 859-0100
Systems Administrator / Webmaster, HYGNet My words are my own; please
Rabbits on walls, no problem. don't blame my employer!
