On Wed, Sep 04, 2002 at 11:18:19AM -0600, [EMAIL PROTECTED] wrote: > I dislike this practice. Protection should be the responsibility > of the server, not the client.
Many Lynx developers seem to disagree, as the program blocks a few ports already, as well as having options such as realms and restrictions. > You don't know what the server may > attempt to serve on what port. Not in theory, no. In practice, people seem to follow IANA's recommendations pretty closely. If something answers on port 110 at all, you can be pretty sure it is a POP3 server. > For example, at one time, the > National Instute of Standards and Technology had on one of its pages: > > <A HREF="http://india.colorado.edu:13/";> See the correct time. </A> > > Simple, clever, effective, and harmless (I assume that they had the > permission of colorado.edu; in fact, I suspect india was NIST's > domain, borrowed from U. of C.) Lame! By clicking that link, a web client tries to talk HTTP with a server that doesn't support it. The server will rudely talk before the client has sent a query, and the answer from the server will be interpreted as an HTTP header by the client. Any web client that supports this flagrant misuse of standards is too kind. > But too many browsers (and the proxy I use) started to do what you propose, > and NIST needed to run an additional time daemon on a different port. > > > + if (value > 65535 || value < 0 || > > + value == 13 || value == 19 || > > I'm opposed. I'm willing to discuss what ports should be blocked, but the current situation where port 25 is blocked but not port 587 that does something similar is just silly. I don't really understand why Lynx needs to be able to talk HTTP with DNS servers either (lynx http://ns1.somesite.st:53/). I think anyone who tries that is up to some kind of mischief. // Ulf Harnhammar [EMAIL PROTECTED] http://www.metaur.nu/ ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to [EMAIL PROTECTED]
