- From: Mark P. McCahill <mpm@boombox.micro.umn.edu>
- Date: Mon, 20 Feb 1995 08:47:52 -0600
- To: wade@cs.utk.edu, ietf-lists@proper.com, uri@bunyip.com
In message <9502200257.AA01899@honk.cs.utk.edu> Reed Wade writes: > However, I wouldn't mind seeing some discussion (even from people > who haven't said anything yet) on 2 points that apply to but also > transcend the finger url discussion-- > > 1. ability to specify alternate port, how important is this? > I know I've indicated this isn't too important in real life > use of finger but I was able to come up with an instance where > this would be useful (imagine using the ":" as port separator)-- > > finger:therm.netlib.org:451 > I'm pretty sure the security guys will jump up and down and scream about it... I watched them jump up and down and scream about gopher URLs pointing to a port other than 70 (even though loads of gopher servers live at ports other than 70). Their point is that you can construct URLs that could (when resolved) do something unexpected (like send a naughty e-mail message via port 25). Of course, resolving a URL from another protocol that points to the notoriously insecure sendmail port is a bad idea and clever client writers should have safeguards in their software to prevent this. The use you suggest for finger on a non-standard port (send a request for something like temperature terminated by <cr><lf> and display the result) can already can already be handled via gopher protocol and URL... which is what I think I just saw on your homepage. Maybe the finger URL can be kept really simple and you can use gopher URLs to do the "get-the-temperature" sorts of things. Mark P. McCahill gopherspace engineer mpm@boombox.micro.umn.edu University of Minnesota 612 625 1300 612 625 6817 (fax)
Received on Monday, 20 February 1995 10:01:20 UTC