[9838] in bugtraq
Re: More Internet Explorer zone confusion
daemon@ATHENA.MIT.EDU (iversen)
Mon Mar  8 14:42:57 1999
Date: 	Mon, 8 Mar 1999 11:07:19 -0600
Reply-To: iversen <signal11@MEDIAONE.NET>
From: iversen <signal11@MEDIAONE.NET>
X-To:         Oliver Lineham <oliver@LINEHAM.CO.NZ>
To: BUGTRAQ@NETSPACE.ORG
Oliver Lineham wrote:
>  - New TLDs. Internic goes and adds a .web or .store or something that
> didn't exist when the browser was released. I'm sure all the e-commerce
> sites on .store would love their servers being considered "Local Intranet
> Sites"!
>
> If this is how the zones are implemented, then it's insane. If not, then
> IE's claim of being able to distinguish intranet sites from internet ones
> is an outright lie and the "feature" should be removed.
This seems to be trivial to resolve - put everything in the internet zone
unless it matches a list containing the local intranets.  Then do
reverse-dns of everything that's allegedly inside the intranet and make
sure everything matches up.  It isn't a perfect solution, but it would make
it substantially harder to fake a remote site as local.  You also get the
added benefit of not needing to worry about how IE resolves domains/ip
addresses.
--
signal11@mediaone.net	| BOFH, Malign networks
I'll  give you  the TCO of  Linux as soon as my
calculator stops saying "divide by zero error."
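
The scheme proposed in the reply above, sketched as an added example that is not part of the original post and is not IE's code. It assumes the "list containing the local intranets" is a list of domain suffixes, and it replaces live DNS with constructed lookup tables so it runs offline; every host name and address is made up.

```python
# Default-to-internet zone classifier with a reverse-DNS consistency check.
# All names and addresses below are constructed sample data, not real records.

FORWARD = {  # stand-in for A-record lookups
    "wiki.corp.example": ["10.1.2.3"],
    "mail.corp.example": ["10.1.2.4"],        # PTR points at a different name
    "payroll.corp.example": ["203.0.113.9"],  # PTR belongs to someone else
    "shop.store": ["198.51.100.7"],
}
REVERSE = {  # stand-in for PTR lookups
    "10.1.2.3": "wiki.corp.example",
    "10.1.2.4": "unknown.other.example",
    "203.0.113.9": "host9.isp.example",
    "198.51.100.7": "shop.store",
}

# Assumption: the administrator-maintained list holds intranet domain suffixes.
INTRANET_SUFFIXES = ("corp.example",)


def normalize(name):
    """Lower-case a host name and drop a trailing root dot."""
    return name.rstrip(".").lower()


def on_intranet_list(host):
    """True only for an exact suffix or a label-aligned subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in INTRANET_SUFFIXES)


def classify(host, forward=FORWARD.get, reverse=REVERSE.get):
    """Return 'intranet' only if the host is listed and DNS agrees both ways."""
    host = normalize(host)
    if not on_intranet_list(host):
        return "internet"              # default zone: no guessing from the name
    addrs = forward(host) or []
    if not addrs:
        return "internet"              # unresolvable claims are not trusted
    for addr in addrs:
        ptr = normalize(reverse(addr) or "")
        if ptr != host:
            return "internet"          # forward and reverse do not match up
    return "intranet"


if __name__ == "__main__":
    for h in ("wiki.corp.example", "mail.corp.example", "shop.store", "intranet"):
        print(h, "->", classify(h))
```

Passing real resolver functions as `forward` and `reverse` keeps the same decision logic; a lookup failure then falls through to the internet zone.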