Full Disclosure mailing list archives
Exclusive: Windows 2000 & Windows NT 4 Source Code Leaks
From: "jB" <jbistogood () hotmail com>
Date: Thu, 12 Feb 2004 19:29:20 -0000
Yes, it's not an exploit, but close... Seems MS just joined the open source alliance: http://neowin.net/comments.php?id=17509&category=main JB----- Original Message ----- From: "mescsa" <mescsa () yahoo com>
To: <full-disclosure () lists netsys com> Sent: Monday, February 09, 2004 9:14 PMSubject: Re: [Full-disclosure] another product affected by recent MS IE '@' patch
Nick FitzGerald <nick () virus-l demon co uk> wrote:... and, most importantly, you should note that the "userinfo" part is _outside_ the definition of "hostport", and thus outside the "host" part. Ergo, HTTP URLs are explicitly (and presumably deliberately) defined to _NOT_ support "userinfo" data so any implementation that does is non-compliant.This is your interpretation of section 3.2.2 of RFC 2616. However section 3.2.1 of the same document states that "For definitive information on URL syntax and semantics," you should "see 'Uniform Resource Identifiers (URI): Generic Syntax and Semantics,' RFC 2396." Since there are neither any MUST NOTs in RFC 2616 nor any apparent technical reasons why userinfo should be banned from HTTP-URLs, it is clear that not everyone will follow your reasoning. That's why implementors have choosen to make use of the userinfo-part in services, protocols and user agents. Regards, mescsa __________________________________ Do you Yahoo!? Yahoo! Finance: Get your refund fast by filing online. http://taxes.yahoo.com/filing.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- another product affected by recent MS IE '@' patch martin f krafft (Feb 08)
- Re: another product affected by recent MS IE '@' patch Nick FitzGerald (Feb 08)
- Re: another product affected by recent MS IE '@' patch mescsa (Feb 08)
- Re: another product affected by recent MS IE '@' patch Nick FitzGerald (Feb 08)
- Re: another product affected by recent MS IE '@' patch Guido van Rooij (Feb 09)
- Re: another product affected by recent MS IE '@' patch Guido van Rooij (Feb 09)
- Re: another product affected by recent MS IE '@' patch mescsa (Feb 09)
- Exclusive: Windows 2000 & Windows NT 4 Source Code Leaks jB (Feb 12)
- Re: another product affected by recent MS IE '@' patch mescsa (Feb 08)
- Re: another product affected by recent MS IE '@' patch Nick FitzGerald (Feb 08)
- <Possible follow-ups>
- RE: another product affected by recent MS IE '@' patch David Farinic (Feb 09)
- RE: another product affected by recent MS IE '@' patch Darren Bennett (Feb 09)
- RE: another product affected by recent MS IE '@' patch Brad Griffin (Feb 09)