The answer to insecure network services is to make them more secure, not
to limit the deployment and usefulness of URLs.
If a dedicated cracker wishes to break the system, I would suggest that
writing an HTML document, and using that as a lock pick on doors which
have no locks to begin with, would be a marvelous exercise in stupidity.
</rr>
On Sat, 26 Jun 1993, William M. Perry wrote:
> What about security? What if some bozo decided to put a url like:
>
> tcp://some.generic.news.server:nntp/line#1\nCODE TO FORGE NEWSGROUP\n...
>
> or
>
> tcp://some.generic.news.server:25/HELO some.host\nRCPT TO: root\nMAIL
> FROM: stupid.user\nDATA\n Hey bozo - <Very derogative statements> Love
> - stupid.user\n.\nQUIT\n
>
> And called it something like "Man Pages For Ultrix"?
>
> Could lead to some interesting discussions with your local sysadmin if
> you clicked on that second one. :)
>
> I talked with Marc Vanheyningen about this a few months ago, and he
> convinced me that it would be a _BAD THING_ to do something like this.
> Not that there are many bozos out there that would do one of the
> above, but it would only take one or two to cause some real trouble.
>
> -Bill Perry