[TriLUG] OT - wolves are circling the sheep
sholton at mindspring.com
sholton at mindspring.com
Tue Oct 28 14:37:13 EST 2003
Thus spoke Mike Mueller <linux-support at earthlink.net>
> I was thinking that replacing the original text in the URL with
> "longstringofgarbage" was sufficient to prevent anyone landing at the site.
Nope. According to the RFC's, the form of a URL is something like
<PROTO>://<USER>:<PASSWORD>@<DOMAIN | IP>/
where
<PROTO> is a supported protocol (http, ftp, telnet, afp, etc.)
<USER> is an account name for a site.
<PASSWORD> is the password for the account you want compromised #-(
<DOMAIN | IP> is the domain name.
So a URL like
telnet://nobody@trilug.org/
is as valid as it is stupid. Both Netscape (4.7) and IE (kinda) supported this;
Mozilla, thankfully, does not.
All you did was change the user name (or was it the password?)
--
Steve Holton
sholton at mindspring.com
More information about the TriLUG
mailing list