
[gopher] Re: Gopher+ Suggestion



> > > A problem fairly specific to Gopher is that many gopher clients
> > > (especially ones in web browsers) don't support connections to ports other
> > > than 70, because Gopher is _so_ flexible that it's possible to write

> > I haven't ever seen this.  Perhaps in Konqueror?  But then it doesn't
> > support Gopher well anyway.  Maybe IE?  I seem to recall Cameron mentioning
> > IE problems.

> <http://bugzilla.mozilla.org/show_bug.cgi?id=71916> explains why Mozilla
> was modified to allow gopher connections only to port 70.
> From the comments to that bug:
> 
> : As blake was checking in gopher for me, jgmyers pointed out that the
> : fact that gopher allows connections to any port may be a security hole.
> : If an attacker can get someone to click onto a URL (like the above),
> : (say, behind a firewall) could theoretically be exploited, on any port
> : (eg bind/apache/etc)

While true, this should hardly be the responsibility of the client to
enforce -- this only masks badly written server software and makes it
less likely to find exploits. I strongly question the intelligence of this
decision.

-- 
----------------------------- personal page: http://www.armory.com/~spectre/ --
 Cameron Kaiser, Point Loma Nazarene University * ckaiser@stockholm.ptloma.edu
-- It is not enough to succeed. Others must fail. -- Gore Vidal ---------------

