On Tue, 28 Mar 2000, Leonid Pauzner wrote:
> 27-Mar-2000 10:10 Klaus Weide wrote:
> > As someone else already mentioned, there is a lynx.cfg option
> > to turn it off. (It may be reasonable to change the default
> > to NO_FILE_REFERER:TRUE.)
>
> I think:
> - one should disable file referer for lynx private pages (UIP),
There is no need for that, IMO. If NO_FILE_REFERER:TRUE is in effect,
then URLs of temp files don't get sent. If NO_FILE_REFERER:FALSE is
in effect, then it's supposedly OK to expose local filenames.
The temp filenames aren't any more sensitive than other filenames,
most likely much less "private" than regular user files.
The UI pages (to which this applies) *are* files. I see no point in
going to great lengths to obscure this fact. They can be treated like
normal files in most respects by the user, they show up as such on the
'=' INFO page etc. In my opinion, that's an *advantage*, not something
to be hidden.
> - the default for NO_FILE_REFERER should be changed (as mentioned
> above), as a consequense, change -nofilereferer command (rename??? or
> made it a toggle).
If the default setting is changed, there is still no need to change
the command line option. It can stay as it is. Don't make existing
options invalid and break people's existing scripts and aliases, unless
there is a clear need.
Klaus
