[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] Lynx 2.8.6

From: Doug Kaufman
Subject: Re: [Lynx-dev] Lynx 2.8.6
Date: Sun, 15 Oct 2006 15:40:05 -0700 (PDT)

On Fri, 13 Oct 2006, Jeffrey D. Benton wrote:

> Thanks for your two e-mails. To summarize what you've said thus far:
> (1) With Linux I can build a Lynx that will not access ftp sites. (2) I
> can build a Lynx that will not save anything to disk (A:\). (3) Lynx.cfg
> configuration settings can be changed to make it difficult to save files
> to disk (A:\).

Not quite. You don't need linux. Any lynx can be built without code to
access ftp sites. I said that lynx could be built to not save to disk. I
didn't say "floppy disk". This applies to the hard disk as well.
> In my earlier e-mail I wrote that I didn't want the possibility that
> settings could be changed--specifically by an "intelligent user." OK,
> time for me to lower my standards a bit. I'll settle for security by
> obscurity. The more security the better, but maybe defeating the average
> user is good enough.

I've built a Windows binary that has saving to disk and downloading
disabled. Although it can still probably be worked around, it is
probably better than "security by obscurity". I'll write to you
privately with instructions on getting the files.

> ... 
> Speaking of the Lynx.cfg file, does Lynx really care what application
> is used to create this file? Suppose I insert that entire file into
> Corel WordPerfect 9 and assign it an identical name; that is, Lynx.cfg.
> Would it still work? (You can password protect WPD files, so overcoming
> the Lynx.cfg setting would then require the insertion of a new Lynx.cfg
> file.)

You missed the key point here. It isn't the security of your
configuration file. If your users have access to the command
line and have write access to the disk, they can just type 
"lynx -cfg=my_cfg_file" and totally bypass your configuration file,
regardless of how protected it is. Nothing overrides the command line
for lynx except for compiled-in restrictions. The lynx.cfg file has to
be a plain text file.

Doug Kaufman
Internet: address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]