X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=doc%2Fconfig.but;h=c351a1b2be222acdf611a889b168e27f6e7a380d;hb=12e019bafc75cb441e965c63e15dfceeaf71ca1e;hp=b08d6dde920ef084fc5ad76b2ddd785f51ef39e9;hpb=e2215a31f6cca9b99adab549b5e96a2a7c24ff69;p=PuTTY.git

diff --git a/doc/config.but b/doc/config.but
index b08d6dde..c351a1b2 100644
--- a/doc/config.but
+++ b/doc/config.but
@@ -184,6 +184,11 @@ compressed, etc) packets are \e{also} logged. This could be useful to
 diagnose corruption in transit. (The same caveats as the previous mode
 apply, of course.)
 
+Note that the non-SSH logging options (\q{Printable output} and
+\q{All session output}) only work with PuTTY proper; in programs
+without terminal emulation (such as Plink), they will have no effect,
+even if enabled via saved settings.
+
 \S{config-logfilename} \q{Log file name}
 
 \cfg{winhelp-topic}{logging.filename}
@@ -882,7 +887,7 @@ commands from the server. If you find PuTTY is doing this
 unexpectedly or inconveniently, you can tell PuTTY not to respond to
 those server commands.
 
-\S{config-features-qtitle} Disabling remote \i{window title} querying
+\S{config-features-qtitle} Response to remote \i{window title} querying
 
 \cfg{winhelp-topic}{features.qtitle}
 
@@ -899,8 +904,28 @@ service to have the new window title sent back to the server as if
 typed at the keyboard. This allows an attacker to fake keypresses
 and potentially cause your server-side applications to do things you
 didn't want. Therefore this feature is disabled by default, and we
-recommend you do not turn it on unless you \e{really} know what you
-are doing.
+recommend you do not set it to \q{Window title} unless you \e{really}
+know what you are doing.
+
+There are three settings for this option:
+
+\dt \q{None}
+
+\dd PuTTY makes no response whatsoever to the relevant escape
+sequence. This may upset server-side software that is expecting some
+sort of response.
+
+\dt \q{Empty string}
+
+\dd PuTTY makes a well-formed response, but leaves it blank. Thus,
+server-side software that expects a response is kept happy, but an
+attacker cannot influence the response string. This is probably the
+setting you want if you have no better ideas.
+
+\dt \q{Window title}
+
+\dd PuTTY responds with the actual window title. This is dangerous for
+the reasons described above.
 
 \S{config-features-dbackspace} Disabling \i{destructive backspace}