Re: New Internet-Draft: finger URL

Mark P. McCahill (mpm@boombox.micro.umn.edu)
Mon, 20 Feb 1995 08:47:52 -0600


Date: Mon, 20 Feb 1995 08:47:52 -0600
Message-Id: <199502201447.IAA11226@boombox.micro.umn.edu>
From: "Mark P. McCahill" <mpm@boombox.micro.umn.edu>
To: wade@cs.utk.edu, ietf-lists@proper.com, uri@bunyip.com
Subject: Re: New Internet-Draft: finger URL 

In message <9502200257.AA01899@honk.cs.utk.edu> Reed Wade writes:
> However, I wouldn't mind seeing some discussion (even from people 
> who haven't said anything yet) on 2 points that apply to but also 
> transcend the finger url discussion--
> 
> 1. ability to specify alternate port, how important is this?
>    I know I've indicated this isn't too important in real life
>    use of finger but I was able to come up with an instance where 
>    this would be useful (imagine using the ":" as port separator)--
> 
>    finger:therm.netlib.org:451
> 

I'm pretty sure the security guys will jump up and down and scream about it...

I watched them jump up and down and scream about gopher URLs pointing 
to a port other than 70 (even though loads of gopher servers live at ports 
other than 70). Their point is that you can construct URLs that could (when 
resolved) do something unexpected (like send a naughty e-mail message via
port 25). Of course, resolving a URL from another protocol that points to the
notoriously insecure sendmail port is a bad idea and clever client writers 
should have safeguards in their software to prevent this. 

The use you suggest for finger on a non-standard port (send a request for 
something like temperature terminated by <cr><lf> and display the result) can 
already can already be handled via gopher protocol and URL... which is what I 
think I just saw on your homepage. Maybe the finger URL can be kept really 
simple and you can use gopher URLs to do the "get-the-temperature" sorts of 
things.





Mark P. McCahill                                 gopherspace engineer
mpm@boombox.micro.umn.edu                     University of Minnesota
612 625 1300                                       612 625 6817 (fax)