Re: finger, again

Paul Hoffman (ietf-lists@proper.com)
Mon, 6 Mar 1995 09:06:25 -0700


Message-Id: <v02110108ab80e22598b6@[165.227.40.21]>
Date: Mon, 6 Mar 1995 09:06:25 -0700
To: Jared_Rhine@hmc.edu
From: ietf-lists@proper.com (Paul Hoffman)
Subject: Re: finger, again
Cc: uri@bunyip.com

At 9:53 AM 3/6/95, Jared_Rhine@hmc.edu wrote:
>It might make sense to restrict the outgoing request to only a single line,
>as I believe the finger protocol works (at least, I've never been able to
>get a server to parse more than one line).  This would reduce the
>possibility of a port 25 (SMTP) spoof.

The current (and future) draft says: "Clients should not
decode CR and LF characters in a URL."

>Speaking of end-of-lines, does your
>finger proposal specify how the <request> is terminated?

No, because...

>Does the finger
>protocol spec?

Yes, it does: a CRLF. Thus, the client reads the URL and turns it into a
request. In the case of a mindful client, this means decoding, checking for
security, checking for sanity, slapping on a CRLF, and sending it on its
way.

--Paul Hoffman
--Proper Publishing