lynx-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV Alert!: file: URLs via bookmarks are disallowed! ???

From: Foteos Macrides
Subject: Re: LYNX-DEV Alert!: file: URLs via bookmarks are disallowed! ???
Date: Mon, 04 Aug 1997 13:16:58 -0500 (EST) 
William Yang <address@hidden> wrote:
>[...]
>I run a Free-Net with over 20,000 users, and am trying to get a
>phase-in of Lynx (instead of Gopher, which we currently run) as the
>user's interface and menu system .  I would like to offer DirEd
>support to *some* of my users.  I was thinking about it, and figured I
>could use a server-side CGI script to give the file://localhost/[path]
>links... but I need to block FILE:// links from everywhere else for
>security reasons.
>
>Is there a straightforward way to do this?  Seems like the trusted
>exec structures could be modified to do this... but it's unclear
>to me whether there's a better way.
>
>Does anyone have any thoughts on the subject, in terms of good design?
>I'm afraid I'm not really into the Lynx code far enough at this point
>to see whether it's going to be unreasonably difficult... and was
>hoping some of the developers could point the way (mind, I'll do the
>work... I'm just hoping to build a little insight into the structure
>of the code before I go in to boldly make a mess of it ;-).

        If you use a file URL in a configured jumps file, the file_url
restriction will be overridden for that.  For example, if you use
href="file://localhost/~"  that will yield a directory listing of the
account's $HOME and anything in and under that can be browsed, but that's
read only, not full DIRED_SUPPORT.  Basically, any file://localhost/foo
URL accessed via the jumps file creates a permissable realm (based on
prefix matching to subsequent URLs), homologous to a trusted path.

                                Fote

=========================================================================
 Foteos Macrides            Worcester Foundation for Biomedical Research
 address@hidden         222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================
;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;
reply via email to
[Prev in Thread] Current Thread [Next in Thread]