[5221] in www-talk@info.cern.ch


Re: Finger URL

daemon@ATHENA.MIT.EDU (Rob Raisch, The Internet Company)
Sun Aug 21 16:24:50 1994

Date: Sun, 21 Aug 1994 22:12:00 +0200
Errors-To: listmaster@www0.cern.ch
Reply-To: raisch@internet.com
From: "Rob Raisch, The Internet Company" <raisch@internet.com>
To: Multiple recipients of list <www-talk@www0.cern.ch>


<sigh>  This *has* been discussed before.  To death, actually.

<finger://whitehouse.gov:25/\
		HELO%20cracker.com%0D%0A\
		MAIL%20FROM%3A%20some%20crazy%20mofo%0D%0A\
		RCPT%20TO%3A%20president%20gas%0D%0A\
		%0D%0A\
		I%20AM%20GONNA%20KILL%20YOU%20FOR%20THE%20REVOLUTION%0D%0A\
		YOU%20FAT%20BASTARD%20%2D%2DHELTER%20SKELTER%0D%0A>

Until all of the services on the net are moderately secure, this WILL happen
if we support something like a finger URL.  Of course, gopher: already
allows you to do this, if you are clever.

This is an even bigger problem than it might be, given the terrifically bad
idea of running caching servers.  (IMHO)

It took me some time to acknowledge that we should be careful what we
allow the aberrant user.  I used to think that we as technologists should
not have to be placed in the position of having to arbitrate "acceptable 
use" of the tools we write, by limiting their effectiveness.

Some days I still think this way.  You caught me on the other day.

	</rr>
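
One way a client could refuse the kind of URL shown in the message above, as an added example that is not part of the original post: it rejects finger: and gopher: URLs whose port is not the scheme default or whose request part decodes to CR/LF. The function name, the policy and the example.org hostnames are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote_to_bytes

# Default ports for the line-oriented schemes named in the message.
DEFAULT_PORTS = {"finger": 79, "gopher": 70}


def url_problems(url: str) -> list:
    """Return the reasons a client should refuse to dereference `url`."""
    problems = []
    # urlsplit() silently strips some raw control characters,
    # so inspect the string before parsing it.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        problems.append("raw control character in URL")
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return problems + ["malformed authority or port"]
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        return problems  # this policy covers only finger: and gopher:
    # A non-default port lets the URL point the client at another service.
    if port is not None and port != DEFAULT_PORTS[scheme]:
        problems.append(f"port {port} is not the {scheme} default")
    # Everything after the authority is what the client writes to the socket;
    # a decoded CR or LF would start a new protocol line on the far end.
    request = parts.path + ("?" + parts.query if parts.query else "")
    decoded = unquote_to_bytes(request)
    if b"\r" in decoded or b"\n" in decoded:
        problems.append("encoded CR/LF in request part")
    return problems


if __name__ == "__main__":
    # Constructed sample URLs; hostnames are placeholders.
    samples = [
        "finger://host.example.org/alice",
        "finger://mail.example.org:25/HELO%20client.example.org%0D%0A",
        "gopher://gopher.example.org:70/0/readme%0D%0Aextra",
    ]
    for s in samples:
        print(s, "->", url_problems(s) or "ok")
```
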



