Date: Mon, 20 Feb 1995 08:47:52 -0600
Message-Id: <199502201447.IAA11226@boombox.micro.umn.edu>
From: "Mark P. McCahill" <mpm@boombox.micro.umn.edu>
To: wade@cs.utk.edu, ietf-lists@proper.com, uri@bunyip.com
Subject: Re: New Internet-Draft: finger URL
In message <9502200257.AA01899@honk.cs.utk.edu> Reed Wade writes:
> However, I wouldn't mind seeing some discussion (even from people
> who haven't said anything yet) on 2 points that apply to but also
> transcend the finger url discussion--
>
> 1. ability to specify alternate port, how important is this?
> I know I've indicated this isn't too important in real life
> use of finger but I was able to come up with an instance where
> this would be useful (imagine using the ":" as port separator)--
>
> finger:therm.netlib.org:451
>
I'm pretty sure the security guys will jump up and down and scream about it...
I watched them jump up and down and scream about gopher URLs pointing
to a port other than 70 (even though loads of gopher servers live at ports
other than 70). Their point is that you can construct URLs that could (when
resolved) do something unexpected (like send a naughty e-mail message via
port 25). Of course, resolving a URL from another protocol that points to the
notoriously insecure sendmail port is a bad idea and clever client writers
should have safeguards in their software to prevent this.
The use you suggest for finger on a non-standard port (send a request for
something like temperature terminated by <cr><lf> and display the result) can
already can already be handled via gopher protocol and URL... which is what I
think I just saw on your homepage. Maybe the finger URL can be kept really
simple and you can use gopher URLs to do the "get-the-temperature" sorts of
things.
Mark P. McCahill gopherspace engineer
mpm@boombox.micro.umn.edu University of Minnesota
612 625 1300 612 625 6817 (fax)