This is bringing the security problem down on the knowledge of the
user, which has never been a good idea (otherwise, password systems
would _work_). If the users don't understand what a command does, some
will never execute them (which is admittedly no worse than the current
situation), and some will always execute them, which doesn't provide
any security. I can see the neophytes looking at the box that popped
up with some gibberish, and saying that the Web is too complicated,
and then going back to gopher ;-)
Also, this will be extremely client specific. There's no advantage in
including the same extension in non-unix clients, as the exec will not
work in (say) VMS or MS-DOG. I'd like to see clients converge
towards a standard (or at least, have a standard converge towards
the clients), but this is not possible if URL's will only be useful
for one OS. It would also be annoying to maintain a different Web for
different clients.
You could probably make it work by designing a meta-language, that
could be implemented by each client. This way, you can build the
security in from the start, and not worry about unknowledgeable
users.
rik.
-- Rik Harris - [email protected] || Systems Programmer +61 3 560-3265 (AH) +61 3 565-3227 (BH) || and Administrator Faculty of Computing and Information Technology, || Vic. Institute of Clayton Campus, Monash University || Forensic Pathology