ietf-822

re: Non-ASCII Internet addresses? (Was: Comment on the draft MIME Part 1 document)

1993-04-29 16:24:26
One note of warning about whatever encoding scheme is devised:

Most unix mail systems prohibit the following set of characters in mail names

      `;&|^<>()

Some prevent even more characters.

These characters are all special to the shell and could potentially be used
to create a security hole.

*SIGH*

Any such mail systems which do so are *broken*.  Instead of passing mail
addresses through shell command lines (which is where this bug arises) they
should most definitely be passed only through a secure path.  One secure
path may well be writing a function which quotes (*properly*) the string
for safe passage through the shell.  But this will depend on knowledge of
the particular shell which might well change over time.

Yes it is way convenient to pass addresses through command lines like this.
That is not the point.  Proper and correct processing of e-mail is the point.
If that means you cannot do certain things, then so be it.

<- David Herron <david(_at_)twg(_dot_)com> (work) 
<david(_at_)davids(_dot_)mmdf(_dot_)com> (home)
<-
<- 
<- Where su-b-tlety is taken to an art!
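
An added illustration of the reply's point, not part of the original message: the same address handed to a program through a shell command line, through an argv list with no shell, and through a shell after POSIX quoting. The `AGENT` stand-in program, the function names and the sample address are assumptions made for this example.

```python
import shlex
import subprocess
import sys

# Hypothetical stand-in for a delivery agent: prints each recipient argument
# it received on its own line, so we can see exactly what arrived.
AGENT = [sys.executable, "-c", "import sys; print('\\n'.join(sys.argv[1:]))"]
AGENT_SH = " ".join(shlex.quote(part) for part in AGENT)

# Constructed sample address using the characters listed in the message.
SAMPLE = "odd`;&|^<>()name@example.invalid"

def deliver_via_shell(address):
    """The broken pattern: the address is pasted into a shell command line."""
    return subprocess.run(AGENT_SH + " " + address, shell=True,
                          capture_output=True, text=True).stdout

def deliver_via_argv(address):
    """No shell involved: the address is exactly one argv element."""
    return subprocess.run(AGENT + [address],
                          capture_output=True, text=True).stdout

def deliver_via_quoted_shell(address):
    """Quoted for POSIX sh only; another shell would need other rules."""
    return subprocess.run(AGENT_SH + " " + shlex.quote(address), shell=True,
                          capture_output=True, text=True).stdout

def arrives_intact(deliver, address):
    """True when the agent saw the address as one unmodified argument."""
    return deliver(address) == address + "\n"

if __name__ == "__main__":
    for fn in (deliver_via_shell, deliver_via_argv, deliver_via_quoted_shell):
        print(fn.__name__, arrives_intact(fn, SAMPLE))
```

The argv form needs no knowledge of any shell's syntax, which is why it stays correct when the shell changes; the quoted form is only as good as its match to the shell that actually runs.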