Re: RFC2368 security considerations

To: mutt-dev@xxxxxxxx
Subject: Re: RFC2368 security considerations
From: Thomas Roessler <roessler@xxxxxxxxxxxxxxxxxx>
Date: Mon, 13 Jun 2005 17:10:59 +0200
In-reply-to: <20050613150351.GA24746@xxxxxxxxxxxxx>
Mail-followup-to: mutt-dev@xxxxxxxx
References: <20050610090018.GA5066@xxxxxxxxxxxxxxxxxxxxxxxxxx> <20050612164644.GK17359@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20050613150351.GA24746@xxxxxxxxxxxxx>
Sender: Thomas Roessler <roessler@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.9i

On 2005-06-13 17:03:51 +0200, Vincent Lefevre wrote:

> On 2005-06-12 18:46:44 +0200, Thomas Roessler wrote:
> > One thing we could do is to restrict the headers accepted from a
> > mailto URL to those shown on the compose screen, maybe even minus
> > From.  Everything else could either be disregarded, or maybe have
> > "x-mailto-url" prepended to it.

> An x-mailto-url header would be a security hole as such a URL could
> be a private one (i.e. on a private page, such as on an intranet or
> after authentication) and contain sensitive information (e.g. Bcc
> addresses).

The idea is not to include any particular URL, but rather the
following: When a mailto header suggests adding a From address, then
it's added to the message as X-Mailto-URL-From -- so people who use
edit-headers still can see it, but at the same time, no "dangerous"
headers are set.

-- 
Thomas Roessler · Personal soap box at <http://log.does-not-exist.org/>.

Follow-Ups:
- Re: RFC2368 security considerations
  - From: Vincent Lefevre

References:
- RFC2368 security considerations
  - From: TAKAHASHI Tamotsu
- Re: RFC2368 security considerations
  - From: Thomas Roessler
- Re: RFC2368 security considerations
  - From: Vincent Lefevre

Prev by Date: Re: RFC2368 security considerations
Next by Date: Re: RFC2368 security considerations
Previous by thread: Re: RFC2368 security considerations
Next by thread: Re: RFC2368 security considerations
Index(es):
- Date
- Thread