Re: finger, again

Paul Hoffman (
Mon, 6 Mar 1995 09:06:25 -0700

Message-Id: <v02110108ab80e22598b6@[]>
Date: Mon, 6 Mar 1995 09:06:25 -0700
From: (Paul Hoffman)
Subject: Re: finger, again

At 9:53 AM 3/6/95, wrote:
>It might make sense to restrict the outgoing request to only a single line,
>as I believe the finger protocol works (at least, I've never been able to
>get a server to parse more than one line).  This would reduce the
>possibility of a port 25 (SMTP) spoof.

The current (and future) draft says: "Clients should not
decode CR and LF characters in a URL."

>Speaking of end-of-lines, does your
>finger proposal specify how the <request> is terminated?

No, because...

>Does the finger
>protocol spec?

Yes, it does: a CRLF. Thus, the client reads the URL and turns it into a
request. In the case of a mindful client, this means decoding, checking for
security, checking for sanity, slapping on a CRLF, and sending it on its

--Paul Hoffman
--Proper Publishing