On Fri, 5 Mar 1999, Jim Paris wrote about the Local Intranet Zone. All the comments made are, technically, correct, but Microsoft could have at least tried. None of these are foolproof, but they're a start. * Be paranoid about entries in the hosts file. Arguably, hosts files are obsolete, thanks to DNS. (No, I won't make the argument.) * Warning dialog boxes for the above, and maybe for anything where the TLD is guessed at. (The http://microsoft/ example. Just warn the user that the requested site was guessed, give some sane options like `Go there, treat it as Internet', `Go there, treat it as local', `Don't go there', and so on.) * Anything that doesn't resolve to a designated local zone (10.*.*.*, and the other reserved addresses) gets the same warning. Or, just change the default behaviour on all those to treat the site as Internet rather than intranet. Probably easier that way, though a bit more troublesome for the user, especially when we guess wrong. Care to take bets on whether anything even remotely like this is ever done? ...dave
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:15 PDT