[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Microsoft Faces Angry IE Users' Questions
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] Microsoft Faces Angry IE Users' Questions
- From: "Eric Paynter" <eric@xxxxxxxxxxxxxxx>
- Date: Sat, 10 Jul 2004 21:58:39 -0700 (PDT)
On Sat, July 10, 2004 7:00 pm, Nick FitzGerald said:
> You need look no further back than the
> kerfuffle a couple of months ago over the removal of IE's patently
> incorrect support for "user:pwd@" userid data in http URIs for an
> example, but there are many other, earlier examples.
I'm a little confused by what you mean here. The "user:pwd@" prefix is a
part of the URI standard documented in the RFC. As far as I can tell, the
patently incorrect part is that they removed it and thus made the browser
(even more) lacking in standards support. It's a simple example of how MS
solves problems:
1. Fix the feature that is vulnerable
2. Disable the feature that is vulnerable
Lately, they just disable the feature. At this rate, pretty soon, Windows
won't do much.
-Eric
--
arctic bears - affordable email and name services @yourdomain.com
http://www.arcticbears.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html