| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <41B1FD84D49E05448A4233378E6BF475036492C8@entmsgnt03.fm.frd.fmlh.edu> From: jheidtke at fmlh.edu (Jerry Heidtke) Subject: Interesting side effect of the new IE patch > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of > Stefan Esser > Sent: Friday, February 06, 2004 12:49 PM > To: Bill Royds > Cc: full-disclosure@...ts.netsys.com > Subject: Re: [Full-Disclosure] Interesting side effect of the > new IE patch > <snip> > > How is the car example different from HTTP URLs. Microsoft added a > feature to the HTTP URLs. This is the way they work. They > change standards > into what they like. You may like that or not, but you > absolutely CANNOT > say that a browser that implements this feature is buggy. > Because it isnt > It just has a feature that is not covered by the standard. > You absolutely CAN say that a browser that implements this feature is buggy. This feature is covered by the standard, and it is PROHIBITED! What part of "No user name or password is allowed" don't you understand? "No user name or password is allowed" is a direct quote from RFC 1738, section 3.3 HTTP, which specifies the HTTP URL scheme. Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
Powered by blists - more mailing lists