HP3000-L Archives

October 2000, Week 4

HP3000-L@RAVEN.UTC.EDU

From: Wirt Atmar
Date: Mon, 23 Oct 2000 16:43:24 EDT

Tracy writes:

> I thought this list WAS the place to report things on QCTerm.

I certainly don't mind, but I am concerned about cluttering up the list too
much with the small errors. There's not a great deal of philosophy in those;
they're just coding errors and we are pleased to correct them. It's the big
stuff -- the fundamental philosophical items -- where the list really proves
its value for QCTerm.

In that regard, among the things on the immediate to-do list are two
things that people have asked for in Reflection lately on the list -- and
have been able to do.

The first is remotely (under host control) downloading files onto a user's
PC. The second is remotely (under host control) running a program (any
program) on the host PC. Both have appeared on this list as requests for
information on how to do this in just the past month.

I am extremely concerned about putting these two behaviors into QCTerm,
because if the combination is present, there is no end to the amount of
mischief that a remote host program could do to your PC. The effect would be
"cookies on steroids." The remote host that you sign on to could easily cause
the upload of any information that it wished from your PC -- or the remote
host could systematically erase every one of your PC's discs.

What we are planning on putting in QCTerm is the capacity for the host to be
able to print to the default printer that the PC has currently set. We may,
in addition, allow you to download files *only* to a highly specific,
pre-named directory -- and no other. However, I am very reluctant to put in
the capacity to remotely run PC-based programs at all, even though it's quite
simple for us to allow that.

Don't think of QCTerm as a direct-connect, serial-era terminal emulator.
Think of it more as a browser -- and one, if we're successful -- where you
may go to an awful lot of sites where you don't know the integrity level of
the owners of the site. You certainly wouldn't want your browser to be able
to download files to any directory on your PC, nor would you want it to begin
the execution of programs on your PC without your knowledge. Yet that
capability exists in Reflection right at the moment.

I would truly appreciate any comments anyone might have on this subject. This
is one of those "big items." Clearly, people do want to run PC-local programs
remotely, and clearly people want to download files into remote PCs with no
other user intervention. I think both are very dangerous ideas.

Wirt Atmar
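
The restriction described in the message above (host-initiated downloads confined to one pre-named directory and no other) can be sketched as follows. This is an added example, not part of the original post and not QCTerm code; `DOWNLOAD_DIR`, `safe_download_path` and `store` are hypothetical names, and the file name sent by the host is treated as untrusted input.

```python
import os
import re
from pathlib import Path

# Hypothetical setting: the single directory the emulator may write to.
DOWNLOAD_DIR = Path("qcterm_downloads")

# Allow-list for one path component: no separators, colons, spaces or leading dot.
_ALLOWED = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")
# Windows device names; "NUL.txt" still refers to the NUL device.
_RESERVED = ({"CON", "PRN", "AUX", "NUL"}
             | {f"COM{i}" for i in range(1, 10)}
             | {f"LPT{i}" for i in range(1, 10)})


class RejectedName(ValueError):
    """Raised when a host-supplied name cannot be stored safely."""


def safe_download_path(host_name: str, base: Path = DOWNLOAD_DIR) -> Path:
    """Map a host-supplied file name to a path directly inside base, or raise."""
    if not _ALLOWED.fullmatch(host_name):
        raise RejectedName(f"illegal characters or length: {host_name!r}")
    if host_name.endswith("."):  # Windows silently strips trailing dots
        raise RejectedName(f"trailing dot: {host_name!r}")
    if host_name.split(".")[0].upper() in _RESERVED:
        raise RejectedName(f"reserved device name: {host_name!r}")
    root = base.resolve()
    candidate = (root / host_name).resolve()
    # resolve() follows symlinks, so a link planted inside base that points
    # elsewhere ends up with a different parent and is refused here.
    if candidate.parent != root:
        raise RejectedName(f"escapes download directory: {host_name!r}")
    return candidate


def store(host_name: str, data: bytes, base: Path = DOWNLOAD_DIR) -> Path:
    """Write data under base; never overwrite an existing file."""
    base.mkdir(parents=True, exist_ok=True)
    target = safe_download_path(host_name, base)
    # O_EXCL makes creation fail if anything already exists at that name.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return target
```

The name check is an allow-list rather than a search for `..`, so drive letters, UNC paths and either kind of path separator are refused without being enumerated.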
