]] Franklin PIAT | On Mon, 2010-05-10 at 10:43 +0200, Tollef Fog Heen wrote: | | > Given you can't accidentially disclose credentials any more by having | > something be a link than you can do so by putting it inline in a text on | > a page, I don't really see that as a valid reason. | | I mean the visitor's credentials. for instance, there used to be a known | vulnerability in SMB/CIFS file sharing: if you put a link/image on a | file://\\myhostname\share\foo.jpg, web browsers used to connect | *automatically* to that share to retrieve the jpg file... the password | was send as clear text to "myhostname".
I must confess I've never ever even considered somebody doing something that stupid. | I expect similar problem with imap:// and webdav:// urls. I've never heard of that happening; I can't say there are no clients out there that are so buggy though. [...] | > | - Does Debian or Windows or MacOS handle it? (with a popular tool) | > | > Yes, using git. | | I guess you mean "git gui". No, I mean using git. You asked if there were any tools that handled git URLs, yes there is, it's called git and is quite common. Being able to copy and paste URLs to the command line and having them recognised as links in a web browser is useful. -- Tollef Fog Heen UNIX is user friendly, it's just picky about who its friends are -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
