From: Marcin 'Qrczak' Kowalczyk (qrczak@knm.org.pl)
Date: Fri Feb 11 2005 - 09:00:09 CST
Peter Kirk <peterkirk@qaya.org> writes:
> Perhaps a better approach would be for browsers, as a default option
> which can be switched off, to warn users about mixed script domain
> names (or even any non-ASCII domain names) with a dialogue box,
> something like: "Domain name paypal.com contains non-Latin
> character(s). This may be a security risk. Are you sure you want to
> go to this domain? OK Cancel".
I think it's better to develop rules about what to accept without
a warning, rather than what to reject (by "reject" I mean "possibly
accept after confirmation").
This means picking subsets of characters corresponding to scripts or
languages used in domain names, with added digits and safe punctuation,
and checking whether each part of the name has only characters which
are completely within one of the sets.
Don't look for wrong patterns. Ensure that there is a good pattern
instead. In particular characters not belonging to any regular writing
system, like arrows or half-wide Latin letters, are rejected.
-- __("< Marcin Kowalczyk \__/ qrczak@knm.org.pl ^^ http://qrnik.knm.org.pl/~qrczak/
This archive was generated by hypermail 2.1.5 : Fri Feb 11 2005 - 09:01:49 CST