deny file://c:\ link?

Mike Mitchell mdm at nbpl.lib.tx.us
Mon Oct 26 11:30:33 EST 1998


Sorry for reposting but I'm a little concerned about how to stop this but
have yet to get any responses. 

What must I do to keep a page like this:

<http://207.207.16.101/~mdm/>

from opening Win95 Explorer and making the C:\ drive available to the patron
using Internet Explorer 3.x? Until I accidentally came upon this, I've been
using the Win95 policy editor and Winselect 3.x to lock down the computers
with good success. The drives are hidden and users can't type in file: or c:
in the Iexplorer address box, etc. But, once they get the C: drive open with
this (and they can make their own page like this easily enough through Yahoo
or whatever) they can do anything they want. So, obviously I just have the
user interface locked down and not the system itself. Must I employ
something like Fortress 101 to prevent this or is a way to just disable the
file:// URL execution in IExplorer. I've seen that it takes a hex editor to
do this in Netscape. I know I can use Win95 policy editor to only allow
certain programs to be run after they get the C: drive open but I'd rather
not do that unless I have to- seems like a good way to disable too much. TIA.

Mike Mitchell
Tech Services Librarian/System Administrator
Dittlinger Memorial Library
New Braunfels, TX 
mdm at nbpl.lib.tx.us




More information about the Web4lib mailing list