Feedback wanted regarding prettyURL()
Thiago Macieira
thiago at kde.org
Thu Aug 16 23:14:46 BST 2007
Ismail Dönmez wrote:
>On Thursday 16 August 2007 18:31:48 Dirk Mueller wrote:
>> Hi,
>>
>> To avoid the latest announced url spoofing attacks in a general way, I
>> suggested to shorten the username, to avoid that the user
>> misinterprets the username actually as part of the hostname.
>>
>> this however breaks the url pretty badly: the username is not really
>> valid anymore. on the other hand, its unlikely that there will be a
>> very long username given, especially if no password has been added.
>>
>> Comments, opinions?
>
>This has my vote, else its pretty easy to spoof a URL [0]
>
>[0] http://alt.swiecki.net/konq3.html
How about always squeezing any long URL in the Location bar? Or, even
better, intelligently squeezing the parts that come before ref and query.
Display the whole thing only when editing.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20070817/3389a0ef/attachment.sig>
More information about the kde-core-devel
mailing list