Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: More Internet Explorer zone confusion

From: dave () TECHNOPAGAN ORG (David E. Smith)
Date: Mon, 8 Mar 1999 09:06:23 +0000

On Fri, 5 Mar 1999, Jim Paris wrote about the Local Intranet Zone.

All the comments made are, technically, correct, but Microsoft could have
at least tried. None of these are foolproof, but they're a start.

* Be paranoid about entries in the hosts file. Arguably, hosts files are
obsolete, thanks to DNS. (No, I won't make the argument.)
* Warning dialog boxes for the above, and maybe for anything where the TLD
is guessed at. (The http://microsoft/ example. Just warn the user that the
requested site was guessed, give some sane options like `Go there, treat
it as Internet', `Go there, treat it as local', `Don't go there', and so
on.)
* Anything that doesn't resolve to a designated local zone (10.*.*.*, and
the other reserved addresses) gets the same warning.

Or, just change the default behaviour on all those to treat the site as
Internet rather than intranet. Probably easier that way, though a bit more
troublesome for the user, especially when we guess wrong.

Care to take bets on whether anything even remotely like this is ever
done?

...dave
Previous By Date Next
Previous By Thread Next

Current thread: