Full Disclosure mailing list archives
Re: Apparently the practice was prevalent
From: Ron DuFresne <dufresne () winternet com>
Date: Mon, 9 Feb 2004 11:48:28 -0600 (CST)
[SNIP]
> As Valdis said earlier, user:password@site is a DE FACTO standard. It goes against the RFC? Well, get over it. Such is life. It has not been the first time, and it will not be the last one. What defines a de facto standard is prevalence of use. Nobody can argue that the IE browser is not prevalent...
These 'de facto' standards you mention are more often referred to as 'undocumented features', most referenced with the information that, in being undocumented features, they should be avoided, as they may well prove not to be in the next version upgrade of the application. At best M$ IE and the other browser vendors should have clearly stated this; some may well have.
> Is it a Real Bad Idea? Yes, certainly. Should it be used? No. But, still, MS implemented it, and promoted its use. Now, due to their inability to fix OTHER problems, they took it out. Finally -- from a security point of view, I am really glad. But it was still a (de facto) standard, still a standard, still a standard. So obviously there are people out there that will have to scramble to get their things back working. After all, MS suddenly took it out... and, also expected, MS would have to provide a backdoor. We can just hope that a future fix will take it out for once and for all.
Whew! At least the content here proves that this is not another whine about an unsafe practise which flourished now being discarded for its unsafe potentials is a bad thing<TM> for M$ to have finally dealt with. As for who's to blame for all those corp sites that now have to be redone, lazy webadmin/site designers that took an unsafe shortcut with undocumented features that they should have known better than implementing in the first place. So, some companies might need to ask for refunds for the sites they had designed so poorly by contractors and/or employees. And it certainly means a lot of web designers are now 'fixing' things off the books with no reimbursement. Bummer, such is life when one heeds not the standards, and attempts a shortcut with security implications.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html