Re: WWW Security Hole Marc VanHeyningen <firstname.lastname@example.org>
From: Marc VanHeyningen <email@example.com>
To: firstname.lastname@example.org (Marc Andreessen)
Subject: Re: WWW Security Hole
In-reply-to: Your message of "Thu, 12 Aug 1993 16:15:13 EST."
Date: Thu, 12 Aug 1993 16:53:18 -0500
>> What I'm more concerned with now is your comments on the insecurity
>> of WWW itself. If this is clearly true, we will have to immediately
>> pull it off all our machines here (which we'll need to do if there
>> isn't a "comfortable" answer to this...). Once this is done, I
>> suspect we'll never be able to put mosaic back. I'm sure everyone
>> across the board in corporate settings will have to do so also, so
>> let's see if we can resolve this QUICKLY and satisfactorily to keep
>> WWW going strong.
>You run Unix and TCP/IP on your systems, accept the security risks
>therein, and yet think it's a crisis when it turns out that
>WWW/Mosaic/Gopher/etc. are no more secure than all the rest of the
>package? Does that really make sense?
Yes. AT&T uses firewalls up the wazoo. Having objects imported
through a firewall which cause network transactions specified by
someone outside the wall to be performed within it has the effect of
bypassing its protection, and thus involves a lot more risks than
plain old FTP/SMTP/NNTP/etc.
Marc VanHeyningen email@example.com MIME, RIPEM & HTTP spoken here