rlogin URLs

David Condon david at uci1.cwru.edu
Tue Nov 21 02:11:39 EST 1995


> 
> What experience do people have with browsers supporting rlogin URLs.  I'm  
> trying to link from our home page to a large number of terminal-based  
> applications, and our resident security expert is uneasy that  
> "telnet://user@host.domain.edu" presents a user with a login prompt.  If  
> we could rely on browsers supporting it, he would rather see  
> "rlogin://user@host.domain.edu" and remove one more opportunity for people  
> to mess around.

rlogin is generally considered _ much more_ insecure than telnet, not less, 
because of the .rhosts mechanism available to any user (on a "wide-open" 
system) to specify other hosts which may login using that user's identity, 
combined with the fact that hostnames can be spoofed, and the possibility of
users creating or messing with an .rhosts file in another user's home
directory. As for getting a login prompt, you get that anyway if you rlogin
and then enter an incorrect password.

> 
> I'm stuck in something of a platform backwater at the moment, and can only  
> experiment with Lynx and OmniWeb (which support rlogin, as you'd expect  
> from a browser that can run a Unix command line) and Mac Netscape 2.0b2,  
> which treats it exactly the same as a telnet URL.
> 
> Is that what I'm likely to find with other common browsers?
> 
> 
> Thomas Dowling
> OhioLINK
> 


-- 
David Condon, Librarian                   |        david at uci1.cwru.edu
Cleveland Museum of Natural History       |
1 Wade Oval Drive, University Circle      |        +1 (216) 231-4600 ext.222 
Cleveland, Ohio 44106-1767                |        Fax: +1 (216) 231-5919


More information about the Web4lib mailing list