Page 1 of 1
RFE: ignorePorts=false and untrusted
Posted: Tue Sep 27, 2011 8:19 am
by al_9x
when ignorePorts=false is applied to the whitelist it pulls in a more restrictive direction, less implicit trust
but when applied to the blacklist, the same setting pulls in a less restrictive direction, less implicit distrust
That's a bit schizophrenic, I think it makes sense to decouple its application. It either shouldn't apply to untrusted at all, or there should be a separate setting.
Re: RFE: ignorePorts=false and untrusted
Posted: Wed Sep 28, 2011 7:48 am
by Giorgio Maone
al_9x wrote:It either shouldn't apply to untrusted at all
This. It should just be a UI issue, though, isn't it? (i.e. site specifications listed for "Mark as untrusted" should never contain ports)
Re: RFE: ignorePorts=false and untrusted
Posted: Wed Sep 28, 2011 1:59 pm
by al_9x
Giorgio Maone wrote:al_9x wrote:It either shouldn't apply to untrusted at all
This. It should just be a UI issue, though, isn't it? (i.e. site specifications listed for "Mark as untrusted" should never contain ports)
By just a UI issue do you mean that the difference between untrusted and non-whitelisted is just cosmetic?
So you agree that the current behavior should be changed? Now ignorePorts=false does apply to untrusted, if domain.invalid is marked untrusted, domain.invalid:port is not treated as untrusted.
Re: RFE: ignorePorts=false and untrusted
Posted: Wed Sep 28, 2011 10:09 pm
by Giorgio Maone
al_9x wrote:So you agree that the current behavior should be changed?
Yes I do.