>MS98-016 dealt with addresses such as http://031713501415/ >... >user has the "Domain Suffix Search Order" in the TCP/IP DNS settings >... >The second case occurs when a host has an assigned alias in the hosts >... >"This behavior is correct"?!?!?! Give me a break. They obviously >didn't think so when they released the MS98-016 bulletin. > >Jim Paris >jimat_private The difference between MS98-016 and your examples is simple. The bulletin addressed an issue where an external site could, without your control, fool your browser into thinking a remote site was "local intranet". In your examples, the user must choose specific settings to allow the problem to occur. If you are concerned about the problem, simply remove .com, etc. from your DNS suffix search, and don't put nasty hosts in your hosts file. The zone settings are not meant to be rock-solid security protection. If they pose a risk to you, set all zones to the maximum security. This was all already talked about when the above-mentioned bulletin came out. In the end, this is not a "bug" in the browser - it's a configuration problem. While worthy of mention, it does not deserve flamage. Thanks, -= remmiN ymereJ | Jeremy Nimmer =-
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:14 PDT