Re: [Full-Disclosure] shell:windows command question
From: Barry Fitzgerald (bkfsec_at_sdf.lonestar.org)
Date: 07/08/04
- Previous message: Eric Paynter: "RE: [Full-Disclosure] How big is the danger of IE?"
- Maybe in reply to: Perrymon, Josh L.: "[Full-Disclosure] shell:windows command question"
- Next in thread: Darren Reed: "Re: [Full-Disclosure] shell:windows command question"
- Reply: Darren Reed: "Re: [Full-Disclosure] shell:windows command question"
To: Darren Reed <avalon@cairo.anu.edu.au>
Date: Thu, 08 Jul 2004 10:28:22 -0400
Darren Reed wrote:
>>>A simple solution would be to add the shell protocol to this list.
>>>Personally I think a secure blacklist is hard to maintain as new
>>>dangerous external protocols could be invented by third-parties leaving
>>>Mozilla vulnerable again.
>>>
>>>
>>Completely agreed.
>>
>>There should be a whitelist, not a blacklist... a safe protocols list.
>>
>>
>
>And what would happen?
>
>Nobody would configure anything but those.
>
>And what would happen next?
>
>People would find ways to put their "new stuff" inside the "safe ones".
>
>Kind of like how "http" is declared safe (but is it really??) and so
>every man and their dog tunnels their proprietary stuff through that
>because it'll go through firewalls.
>
>
>
And you're suggesting that allowing local protocols to run local code
per the background call of a website is better?
-Barry
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html