[9833] in bugtraq
Re: More Internet Explorer zone confusion
daemon@ATHENA.MIT.EDU (Oliver Lineham)
Mon Mar 8 12:51:21 1999
Date: Mon, 8 Mar 1999 23:37:28 +1300
Reply-To: Oliver Lineham <oliver@LINEHAM.CO.NZ>
From: Oliver Lineham <oliver@LINEHAM.CO.NZ>
To: BUGTRAQ@NETSPACE.ORG
At 21:53 5/03/99 -0500, you wrote:
Yech.
>That means that IE has to rely on the URL. By convention, an URL that does
>not end with a "dot-something" (.com, .edu, .gov, etc) is assumed to be an
>internal site. I'm told that this is how all web browsers make the
>distinction. You have to make specific reconfigurations to allow the
>dotless URLs to resolve externally. Thanks,
This is insane - and most probably not how it distinguishes domains at all.
Such a system implies that the "dot-something"s are hard-coded into the
browser! This would be a similar flaw to the original cookie
specification's one about domains that I announced last year. Consider:
- Country domains. They're not dot-somethings, but under this regime
anything from somewhere like New Zealand (.nz) would be a "Local Intranet
Site".
- New TLDs. Internic goes and adds a .web or .store or something that
didn't exist when the browser was released. I'm sure all the e-commerce
sites on .store would love their servers being considered "Local Intranet
Sites"!
If this is how the zones are implemented, then its insane. If not, then
IE's claim of being able to distinguish intranet sites from internet ones
is an outright lie and the "feature" should be removed.
Oliver
---------------------------------------------------
Internet Services / Webdesign / Strategic Planning
PO Box 30-481, Lower Hutt, NZ oliver@lineham.co.nz
Phone +64 4 566-0627 Facsimile +64 4 570-1900
