h a l f b a k e r y
Not just a think tank. An entire army of think.
idea:
add, search, annotate, link, view, overview, recent, by name, best, random
meta:
news, help, about, links, report a problem
account:
Browse anonymously,
or get an account
and write.
or Create a new account.
|
|
|
Please log in.
If you're not logged in,
you can see what this page
looks like, but you will
not be able to add anything.
One scam which is starting to appear in emails and other places is the jinxed link like <a href="http:// www.ebay.com/ whatever /anyone/wants/to/ put/ here/ ABC123456789?q=45984124@ehay.com/ login">https:// www.ebay.com</a>. A user clicking on the link would expect to go to ebay.com, but would instead
be sent to ehay.com.
Since I'm not aware of any legitimate reason for a URL to contain an "@" sign [with URL-ish looking text to the left of it], it would a browser could pop up a warning to indicate that a link contains an "@" sign [and suspicious text to the left] and thus is likely not as it appears. [Comments in brackets added]
Annotation:
|
| |
The @ sign is used to separate username/password from URL in links that require a password like:
ftp://user:pass@my.ftpsite.com
|
|
| |
DeathNinja: Thanks for that information. It would seem that the warning could still be applied if the stuff to the left of the @ sign starts with what appears to be a hostname and path. |
|
| |
The @ sign is used (generally lots of times) in the URLs of Lotus Domino servers. Plus when the anchor points to an email address "<a href="mailto://...". |
|
| |
Sites that don't use password authetication ignore everything in front of the @ symbol. |
|
| |
Placing a URL in a spam message like: http://www.happycuddleclub.com/
index.html@pornosite.com/custardsluts/index.html would give the people the idea that the Happy Cuddle Club was where they were going. |
|
| |
Giving an option (defeatable) to tell the person there's an @ symbol (other than a mailto: link) in the link is a definate +. |
|
| |
That being said, all bets are off if you are clicking on links in spam. Just don't do it, OK? |
|
| |
Baked.
Opera already does this.
Trying to go to
http://news.bbc.co.uk@fuckwittage.org/
pops up an OK/Cancel box
saying: |
|
| |
You are about to go to an
address containing a
username. |
|
| |
Username: news.bbc.co.uk
Server: fuckwittage.org |
|
| |
Are you sure you want to go
to this address? |
|
| |
// it would a browser could pop up a warning to indicate that a link contains an "@" sign and thus is likely not as it appears. [supercat, 8/20/03]// |
|
| |
Might have been read as "...it would [be nice if...], or [satisfy my expectations if...], or [be the least I'd accept for the big bucks I shell out each month for this ISP if...] a browser could pop up..." |
|
| |
Heh...Good idea, supercat. I'm convinced you posted correctly but those jerks @ ehay.com sabotaged your message. |
|
| |
I agree on the popups. My boss has a collection on his office door of an astonishing variety of annoying popups produced by various applications. Perhaps a "balloon help" could appear near the URL bar explaining it. The nice thing about those is they catch your attention, but go away on their own. |
|
| |
As has been noted, there are legitimate reasons to have a URL of the form http://user:pass@wherever.com. On the other hand, it would seem unlikely that usernames and/or passwords would take the form of valid-looking URL's. A username of domain.com would be plausible, but domain.com/otherstuff would seem rather dodgy. |
|
| |
Besides, even if there were an erroneous pop-up, if it were possible to tell the computer "this particular hostname legitimately expects user/pass; don't bother me about it again" I don't think the occasional popups thus generated would be a problem. |
|
| |
sorry, [Ravenswood], my browser (IE 6.0) just scrolls the text off, unreadable or scrollable to the right. This didn't used to happen. Maybe someone changed the CSS code to not mess up the format, but needs a certain browser to work... |
|
| |