On Wed, 28 Feb 1996, David A Wagner wrote:
This has been discussed a lot in the URI working groups since around 92. I think it's actually documented in the RFC
Really? Could you give me any pointers to read up on?
I searched extensively at www.w3.org, and I did find the following excerpt in RFC1738 under Security Considerations:
I don't think this addresses exactly the same thing I was talking about-- I'm talking about a way to exploit arbitrary security holes, even against machines (normally) protected inside a firewall.
could still be exploited-- Ian has discovered a way to send arbitrary email messages with arbitrary headers to arbitrary hosts by abusing the mailto: URL, which should be sufficient to exploit several sendmail
So was that what you were talking about, or was there more discussion?
This is roughly what was talked about; I seem to remember DEBUG being discussed with this (it's the one that takes the least typing). The URI WG often got so tedious and repetetitive I may have been unconscious and dreaming it :-) Simon --- They say in online country So which side are you on boys There is no middle way Which side are you on You'll either be a Usenet man Which side are you on boys Or a thug for the CDA Which side are you on? National Union of Computer Operatives; Hackers, local 37 APL-CPIO