lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <000801c391cf$81e4d020$550ffea9@rms> From: rms at computerbytesman.com (Richard M. Smith) Subject: What software breaks because of this DNS feature? Hi, According to RFC1034, "cnn.com" and "cnn.com." should be the same domain names. However, it doesn't appear that programmers always understand that trailing dots can be added to domain names. For example, these two URLs both go to the CNN Web site in Internet Explorer: http://www.cnn.com/ http://www.cnn.com./ However, Internet Explorer considers these two domain names to be different when it comes to cookies. "cnn.com." gets a different cookie from "cnn.com" This behavior of Internet Explorer is a bug, but probably not a particularly bad one. Here's another example at Internic which treats the query "com" different than "com.". http://reports.internic.net/cgi/whois?whois_nic=com&type=domain http://reports.internic.net/cgi/whois?whois_nic=com.&type=domain My two questions: How much other software behaves incorrectly because of a trailing period on a domain name? Do any of these problems represent serious bugs? Richard M. Smith http://www.ComputerBytesMan.com
Powered by blists - more mailing lists