On Jun 30, 2008, at 10:43 PM, James Hess wrote:
Sure, nefarious use of say .local could cause a few problems but
this is
I'd be more concerned about nefarious use of a TLD like ".DLL",
".EXE", ".TXT"
Or other domains that look like filenames.
Like .INFO, .PL, .SH, and, of course, .COM?
People keep making the assertion that top-level domains that have the
same strings as popular file extensions will be a 'security disaster',
but I've yet to see an explanation of the potential exploits. I could
maybe see a problem with ".LOCAL" due to mdns or llmnr or ".1" due to
the risk of someone registering "127.0.0.1", but I've yet to see any
significant risk increase if (say) the .EXE TLD were created. Can
someone explain (this is a serious question)?
Seeing as a certain popular operating system confounds local file
access via
Explorer with internet access...
I gather you're implying MS Windows does this?
You may think "abcd.png" is an image on your computer... but if you
type that into your address, er, location bar, it may be a website
too!
Is there a browser (Internet Explorer? I don't run Windows) that
looks on the local file system if you don't specify 'file://'?
Wouldn't that sort of annoy the folks who run (say) help.com?
Regards,
-drc
