On Thu, 2003-07-03 at 14:40, Andrew Jorgensen wrote: > Michael L Torrie wrote: > > > If only BYU's OIT dept was so forward-thinking: > > > > http://www.fpg.unc.edu/~computersupport/HelpDocs/help004.html > > > > > Hmm, they're probably right. I hadn't thought of it that way. Except > Konqueror has the same design "problem".
Not really, since Konqueror uses the mime-type and not the file extension when it executes things from html pages. Also, since konqueror is not part of the OS, it's not vulnerable to the types of exploits that IE has been, being so deeply embedded in the OS. In short, I think konqueror more securely handles file types when display is requested, where as IE does examine the mime-type and then hands it off the the OS (not some KDE library -- this is the OS we're talking about) where the OS ignores mime-type and goes by extension only. And since the request was handed to it by a "trusted" application, it just goes ahead and blindly executes the thing. Not to mention the fact that windows is less usable in non-administrator mode, so everyone just runs as glorified 95-machines. The increase of separation (even in KDE) over how windows does it makes Konq and other browsers (even file browsers) inherently more secure. Michael Michael -- Michael L Torrie <[EMAIL PROTECTED]> ____________________ BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
