[pmwiki-users] how does one encode "file:" link in a wiki page?

Hochstrasser Benedikt bhoc at pentagroup.ch
Mon Jan 24 17:44:49 CST 2005


 
Patrick R. Michaud wrote:

> This sort of thing also happens with IE and a few
> other browsers -- namely, the browser processes a
> file:-url differently if typed in an address bar
> versus coming from the markup of an HTML page.
> I don't know why this is, but it just is.  :-)

Security. Just think of an image that is loaded via
<img src=file:///.....>. If the operating system does
not have an "active" access token for the resource,
it tries to use passthrough authentication (supplying
the credentials again), in some unfortunate cases even
with plaintext authentication. Would be ideal for phishing
userid/password pairs... (I know that most firewalls filter
out NetBIOS/CIFS/SMB traffic, but ...)

-- 
Ben
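
Added example, not part of the original message or of PmWiki: a defender-side check that scans rendered page HTML for file: and UNC references and separates the ones naming a remote host (the case above, where the client may attempt SMB authentication) from purely local ones. The function names, attribute list and sample markup are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Attributes whose value a browser may fetch or navigate to (assumed list).
URL_ATTRS = {"src", "href", "background", "data", "action", "poster"}

def classify(url):
    """Return 'remote-file', 'local-file', or None for one attribute value."""
    u = url.strip()
    if u.startswith("\\\\"):                 # raw UNC path: \\host\share\...
        return "remote-file"
    if not u.lower().startswith("file:"):
        return None                          # http(s), //cdn/..., relative, etc.
    rest = u[5:].replace("\\", "/")
    body = rest.lstrip("/")
    slashes = len(rest) - len(body)
    if slashes >= 4:                         # file:////host/share (UNC in path)
        return "remote-file"
    if slashes == 2:                         # file://host/share
        host = body.split("/", 1)[0].lower()
        is_drive = len(host) == 2 and host[0].isalpha() and host[1] in ":|"
        if host and host != "localhost" and not is_drive:
            return "remote-file"
    return "local-file"                      # file:///C:/..., file:/path, ...

class FileRefScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            kind = classify(value) if name in URL_ATTRS and value else None
            if kind:
                self.findings.append((self.getpos()[0], tag, name, kind))

def scan(html):
    """Return (line, tag, attribute, kind) for every file reference found."""
    parser = FileRefScanner()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup, not taken from any real wiki page.
SAMPLE = """<p>Team page</p>
<img src=file://fileserver.example/share/logo.gif>
<a href="file:///C:/docs/readme.txt">local notes</a>
<img src="\\\\10.0.0.5\\pics\\a.png">
<img src="//cdn.example/img/ok.png">
<a href="FILE:////nas01/public/x.doc">doc</a>
"""
```

A wiki that accepts file: links could run such a check on saved pages and allow or strip the remote-file results according to an allow-list of internal hosts.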



