Phil Karlton wrote:
Rich Graves wrote:
How about limiting URLs on non-blessed ports to, say, 64 alphanumeric characters? I'm sure the documentation writers and technical support folks would hate you, but it should address these concerns.
This is not good enough. Many people, feeling secure on their side of a firewall, put proprietary information in their .plan files. Since the the Navigator is running inside that firewall, we can't give access to that data to sources coming from outside the firewall. Given the many ways to construct a URL, the safest was to prevent any access to the finger port (along with a number of others).
Of course, this isn't really a good reason because there's no way to get the information back out to the other side of the firewall. As a matter of fact, limiting URLs as Rich suggests might in fact be good enough. It's one of the possibilities we'll be looking at for reenabling finger and whois. -- Sure we spend a lot of money, but that doesn't mean | Tom Weinstein we *do* anything. -- Washington DC motto | tomw@netscape.com