<<< Date Index >>>     <<< Thread Index >>>

Re: RFC2368 security considerations



On 2005-06-13 17:03:51 +0200, Vincent Lefevre wrote:

> On 2005-06-12 18:46:44 +0200, Thomas Roessler wrote:
> > One thing we could do is to restrict the headers accepted from a
> > mailto URL to those shown on the compose screen, maybe even minus
> > From.  Everything else could either be disregarded, or maybe have
> > "x-mailto-url" prepended to it.

> An x-mailto-url header would be a security hole as such a URL could
> be a private one (i.e. on a private page, such as on an intranet or
> after authentication) and contain sensitive information (e.g. Bcc
> addresses).

The idea is not to include any particular URL, but rather the
following: When a mailto header suggests adding a From address, then
it's added to the message as X-Mailto-URL-From -- so people who use
edit-headers still can see it, but at the same time, no "dangerous"
headers are set.

-- 
Thomas Roessler · Personal soap box at <http://log.does-not-exist.org/>.