Re: LYNX-DEV Alert!: file: URLs via bookmarks are disallowed! ???

From: William Yang
Subject: Re: LYNX-DEV Alert!: file: URLs via bookmarks are disallowed! ???
Date: Mon, 4 Aug 97 10:45:16 EDT

Foteos Macrides wrote something like:

> >restrictions="-restrictions=shell,download,editor,bookmark,\
> >print,download,exec_frozen,dired_support,file_url"
>                                           ^^^^^^^^
>       You are restricting file: URLs, and that includes ones in bookmarks.
> Otherwise, someone could, for example, add a link for your password file in
> a network document, choose L)ink at the bookmarking prompt, then actually
> access it via that bookmark link.

This actually reminds me of another kind of problem.

I run a Free-Net with over 20,000 users, and am trying to get a
phase-in of Lynx (instead of Gopher, which we currently run) as the
user's interface and menu system.  I would like to offer DirEd
support to *some* of my users.  I was thinking about it, and figured I
could use a server-side CGI script to give the file://localhost/[path]
links... but I need to block FILE:// links from everywhere else for
security reasons.

Is there a straightforward way to do this?  Seems like the trusted
exec structures could be modified to do this... but it's unclear
to me whether there's a better way.

Does anyone have any thoughts on the subject, in terms of good design?
I'm afraid I'm not really into the Lynx code far enough at this point
to see whether it's going to be unreasonably difficult... and was
hoping some of the developers could point the way (mind, I'll do the
work... I'm just hoping to build a little insight into the structure
of the code before I go in to boldly make a mess of it ;-).

William D Yang                          Lead System Administrator
address@hidden          The Greater Columbus Free-Net