'Re: Fwd: Re: Bug#24528 acknowledged by developer (kmail URL reference "file:" not "recognised")'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kmail-devel
Subject:    Re: Fwd: Re: Bug#24528 acknowledged by developer (kmail URL reference "file:" not "recognised")
From:       Don Sanders <sanders () kde ! org>
Date:       2001-04-29 17:11:00
[Download RAW message or body]

On Sunday 22 April 2001 16:11, Michael Häckel wrote:
> ----------  Forwarded Message  ----------
> Subject: Re: Bug#24528 acknowledged by developer (kmail URL reference
> "file:" not "recognised")
> Date: Sun, 22 Apr 2001 12:11:52 +0200
> From: Remko Scharroo <remko@deos.tudelft.nl>
> To: Michael Häckel <Michael@Haeckel.Net>
>
> > On Sunday, 22. April 2001 02:11, remko@deos.tudelft.nl wrote:
> > > When using an http: or ftp: reference in a mail it is recognised as a
> > > URL, is highlighted and is clickable. However, not so with file:
> >
> > We intentionally disabled file: some time ago for security reasons and
> > because we didn't consider local links in a mail useful.
> > Otherwise it might be too easy possible to execute a possibly dangerous
> > local command with a single click. Maybe in text mails that does not
> > happen that easy, since the users sees the real URL, but at least in HTML
> > mail that is more dangerous, since the displayed string and the URL can
> > differ very much.
> >
> > Regards,
> > Michael Häckel
>
> Dear Michael,
>
> Although I see your point about security, I do not think it is the task of
> the developper to disable options that may possibly form threats to
> security by the stupidity or negligance of the user.

No comment.

> I frequently use file: references in my text mails to colleagues on our
> local network. Instead of attaching a possibly large document to the mail,
> I just refer them directly to the file on disk. Saves disk space, download
> and handling time. I do the same in reverse. When I get large attachments
> that I have to save anyhow to do something useful with them, I replace the
> MIME encoded part by the file: reference. It's a bit annoying that it is no
> longer clickable, while it is (still) in Netscape.
>
> I suggest either of the following options:
> 1) Enable active file: references in text (non-html mails)
> 2) Add an option to enable or disable active file: (or anything) references
> in text (and/or html) mails.
>
> Again, I do not think that (in this case) the developper should make his
> own interpretation of what should be a useful link or not. Besides, I do
> not see why a file: link should be more dangerous than an http: link.

The issue is flammable. I would send a link to the mailing list discussion 
but the web site is down.

> Looking forward to your views on this issue.

I suggest using ftp links, or creating a web page.

Don.
_______________________________________________
Kmail Developers mailing list
Kmail@master.kde.org
http://master.kde.org/mailman/listinfo/kmail

[prev in list] [next in list] [prev in thread] [next in thread] 