[prev in list] [next in list] [prev in thread] [next in thread]
List: kmail-devel
Subject: Fwd: Re: Bug#24528 acknowledged by developer (kmail URL reference "file:" not "recognised")
From: Michael =?iso-8859-1?q?H=E4ckel?= <Michael () Haeckel ! Net>
Date: 2001-04-22 14:11:55
[Download RAW message or body]
---------- Forwarded Message ----------
Subject: Re: Bug#24528 acknowledged by developer (kmail URL reference "file:"
not "recognised")
Date: Sun, 22 Apr 2001 12:11:52 +0200
From: Remko Scharroo <remko@deos.tudelft.nl>
To: Michael Häckel <Michael@Haeckel.Net>
> On Sunday, 22. April 2001 02:11, remko@deos.tudelft.nl wrote:
> > When using an http: or ftp: reference in a mail it is recognised as a
> > URL, is highlighted and is clickable. However, not so with file:
>
> We intentionally disabled file: some time ago for security reasons and
> because we didn't consider local links in a mail useful.
> Otherwise it might be too easy possible to execute a possibly dangerous
> local command with a single click. Maybe in text mails that does not happen
> that easy, since the users sees the real URL, but at least in HTML mail
> that is more dangerous, since the displayed string and the URL can differ
> very much.
>
> Regards,
> Michael Häckel
Dear Michael,
Although I see your point about security, I do not think it is the task of
the developper to disable options that may possibly form threats to security
by the stupidity or negligance of the user.
I frequently use file: references in my text mails to colleagues on our local
network. Instead of attaching a possibly large document to the mail, I just
refer them directly to the file on disk. Saves disk space, download and
handling time. I do the same in reverse. When I get large attachments that I
have to save anyhow to do something useful with them, I replace the MIME
encoded part by the file: reference. It's a bit annoying that it is no longer
clickable, while it is (still) in Netscape.
I suggest either of the following options:
1) Enable active file: references in text (non-html mails)
2) Add an option to enable or disable active file: (or anything) references
in text (and/or html) mails.
Again, I do not think that (in this case) the developper should make his own
interpretation of what should be a useful link or not. Besides, I do not see
why a file: link should be more dangerous than an http: link.
Looking forward to your views on this issue.
Best regards,
Remko
-------------------------------------------------------
_______________________________________________
Kmail Developers mailing list
Kmail@master.kde.org
http://master.kde.org/mailman/listinfo/kmail
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic