> other means. If one were to include an inline image with the URL:
> ftp://ftp.com.net/my.gif, the browser would send the email address as
> part of the FTP login, which could then be retrieved from the logs.
> Atlas has a button to disable sending email address as password for
> anonymous FTP. Do MSIE or Mosaic or Lynx or ...?
I was somewhat more surprised to find use the URL:
ftp://someone:password @
ftp .
com/whatever/file
in netscape (at least 2.0 & 2.01) to retrieve a file. The obvious
flaws with ftp password sniffing aside, netscape caches the URL in
plaintext. In fact on my 32 bit windows version there's even the nice
little pull down box for recently used URL's. All the night janitor
would have to do is pull down a recently used URL on someone's PC to
grab a password. As far as I can tell there is not an easy way to
clear this box. I haven't tried bookmarking on the recent version, but
it's probably just as bad.
I can imagine the possibilities in a University Computer Lab where some
student wants to ftp to their server from Netscape for some reason.
- shawn
P.S. At least Netscape stopped printing in on printouts in recent
versions.
Shawn Steele
Webmaster
Information Systems Administrator
Association of Brewers (303) 447-0816 x 118 (voice)
736 Pearl Street (303) 447-2825 (fax)
PO Box 1679 shawn @
aob .
org (e-mail)
Boulder, CO 80306-1679 info @
aob .
org (aob info)
U.S.A. http://www.aob.org/aob (web)
Note: When replying to my messages, please include enough of my
message so that I know what you're replying to! :-)
Follow-Ups:
|
|
