RE: Winnt/Win2k Vuln ?

From: David Schwartz (davidsat_private)
Date: Sat Aug 11 2001 - 21:51:13 PDT

  • Next message: markat_private: "RE: [klmtfsat_private: Your Online Greeting Awaits You!]"

    Louis-Eric Simard wrote:
    
    > The major distinction here should one of action-domain constraints;
    
    	Exactly.
    
    > As we are limited by the fact that the shoddy name space is now
    > prevalent,
    > then context needs to be taken into account. As one types in a
    > URL without
    > specifying the underlying protocol (http:// or file://), there
    > should be no
    > ambiguity that the expected protocol is http, just as we do not naturally
    > expect file system requests to be carried over the web. The fix is in
    > filling-in missing protocol details, within logical usage
    > contexts, before
    > the request allocator gets a chance to goof it up.
    
    	For the record, I have submitted complaints/requests to the coders of both
    IE and Netscape arguing that, for example, 'ftp.microsoft.com' should be
    interpreted as 'http://ftp.microsoft.com' and not 'ftp://ftp.microsoft.com'
    (and analogously, the brower should not try to figure out what the user
    meant (ESP?) but should have a consistent default). I was basically laughed
    at by both Microsoft and Netscape.
    
    	I don't think it's unreasonable to have different operating modes where
    different defaults take place. For example, when acting as a 'file manager',
    file:// can be the default protocol. However, IMO, in ALL cases, the
    fully-qualified URL of the site/file you wind up at MUST be shown to the
    user. It is a serious error to abbreviate the displayed URL as IE does. I do
    not believe Netscape does this.
    
    	DS
    



    This archive was generated by hypermail 2b30 : Sun Aug 12 2001 - 21:42:29 PDT