[gopher] Re: Gopher+ Suggestion
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
> > > A problem fairly specific to Gopher is that many gopher clients
> > > (especially ones in web browsers) don't support connections to ports other
> > > than 70, because Gopher is _so_ flexible that it's possible to write
> > I haven't ever seen this. Perhaps in Konqueror? But then it doesn't
> > support Gopher well anyway. Maybe IE? I seem to recall Cameron mentioning
> > IE problems.
> <http://bugzilla.mozilla.org/show_bug.cgi?id=71916> explains why Mozilla
> was modified to allow gopher connections only to port 70.
> >From the comments to that bug:
>
> : As blake was checking in gopher for me, jgmyers pointed out that the
> : fact that gopher allows connections to any port may be a security hole.
> : If an attacker can get someone to click onto a URL (like the above),
> : (say, behind a firewall) could theoretically be exploited, on any port
> : (eg bind/apache/etc)
While true, this should hardly be the responsibility of the client to
enforce -- this only masks badly written server software and makes it
less likely to find exploits. I strongly question the intelligence of this
decision.
--
----------------------------- personal page: http://www.armory.com/~spectre/ --
Cameron Kaiser, Point Loma Nazarene University * ckaiser@xxxxxxxxxxxxxxxxxxxx
-- It is not enough to succeed. Others must fail. -- Gore Vidal ---------------
|
|
