On Wed, 2004-08-25 at 18:47, Colin Walters wrote:
> On Tue, 2004-08-24 at 11:57 +0200, Nils Philippsen wrote:
> > On Mon, 2004-08-23 at 23:23, Colin Walters wrote:
> > > On Mon, 2004-08-23 at 22:15 +0200, Nils Philippsen wrote:
> > >
> > > > To get back to your example, not every
> > > > company may have the will, foresight or resources to install a second
> > > > LAN just for external people.
> > >
> > > Sure. I don't think we can handle every possible case with zero
> > > configuration. But the point is to try very hard to handle as much of
> > > it as possible.
> >
> > Of course, contrary to how my posts may have sounded like I really
> > appreciate if there are automatisms for these sane, common cases.
>
> Well at the very worst, Preferences->Network Proxy is still there. What
> it could use is a "Set for this network session only" or something, by
> being integrated with NetworkManager.
>
> > > > Any error detected in the browser
> > > > should be distinguishable as such,
> > >
> > > Why is that?
> >
> > Other than the usual power user's whine of me, having it as a web page
> > may have potential security implications -- if there are holes found in
> > the browser, we might have people trying to exploit the fact that this
> > error is displayed as a web page, i.e. phishing, e.g. directing people
> > to other web pages that look more or less exactly like this, the "please
> > change your proxy setting" which would of course be a proxy under their
> > control.
>
> I don't think that the "please change your proxy setting" URL would be
> able to change the proxy itself. It would simply launch the proxy
Yes I did think so as well.
> preference dialog. And certainly the browser should be configured so
> that the preference dialog can only be launched from its internally-
> generated error page.
That when some people are struggling to get the majority of
Windows-ridden persons _not_ to trust everything that's on a web page...
Well the idea is that there will be bugs and there will be security
holes and that I don't want to make it easier for the Black Hats to
exploit these by just popping up a nicely crafted web page. Just think
about the changes you need to do: now you have to check whether
following special links is allowed, therefore you have to remember that
a page is internal... With a dialog you get all of this for free and
trust me, people are not that scared by dialogs than you seem to think
;-).
Nils
--
Nils Philippsen / Red Hat / nphilipp@xxxxxxxxxx
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- B. Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011
