15-Dec-99 07:21 T.E.Dickey wrote:
>> Relying on rand() for security is really a bad design choice, IMO.
> otoh, it improved on what was there (addressed the immediate cause for
> concern). I don't believe that any of us can come up with a completely
> secure scheme (nor could the critics ;-). However, using a sequential name
There is one: new LYNXfoo:/ scheme done via HTStreamStack() -
no temp files at all.
(recent example - LYNXMESSAGES:/ though I am not sure we want
to expand LYNXfoo:/ namespace too much. Not a technical problem,
just our consensus.)
Anyway, exept forms Options Menu (and now Visited Links page also),
we have a plain html files without any POST content nor possibility
to explore something comparing against any
file://localhost/.../file.html
> opens us up to criticism from people who don't concern themselves over
> whether the underlying filesystems itself is secure. Using rand() merely
> guarantees that the average fool (i.e., "hacker") would not break in.
> --
> Thomas E. Dickey
> [EMAIL PROTECTED]
> http://www.clark.net/pub/dickey
