[Full-Disclosure] Interesting side effect of the new IE patch
jheidtke at fmlh.edu
Fri Feb 6 20:38:19 GMT 2004
> -----Original Message-----
> From: full-disclosure-admin at lists.netsys.com
> [mailto:full-disclosure-admin at lists.netsys.com] On Behalf Of
> Stefan Esser
> Sent: Friday, February 06, 2004 12:49 PM
> To: Bill Royds
> Cc: full-disclosure at lists.netsys.com
> Subject: Re: [Full-Disclosure] Interesting side effect of the
> new IE patch
> How is the car example different from HTTP URLs. Microsoft added a
> feature to the HTTP URLs. This is the way they work. They
> change standards
> into what they like. You may like that or not, but you
> absolutely CANNOT
> say that a browser that implements this feature is buggy.
> Because it isnt
> It just has a feature that is not covered by the standard.
You absolutely CAN say that a browser that implements this feature is
buggy. This feature is covered by the standard, and it is PROHIBITED!
What part of "No user name or password is allowed" don't you understand?
"No user name or password is allowed" is a direct quote from RFC 1738,
section 3.3 HTTP, which specifies the HTTP URL scheme.
Confidentiality Notice: This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message.
Full-Disclosure is hosted and sponsored by Secunia.