Re: WWW Security Hole

marca@ncsa.uiuc.edu (Marc Andreessen)
Date: Thu, 12 Aug 93 16:15:13 -0500
From: marca@ncsa.uiuc.edu (Marc Andreessen)
Message-id: <9308122115.AA21221@wintermute.ncsa.uiuc.edu>
To: rhb@hotsand.att.com
Cc: www-talk@nxoc01.cern.ch
Subject: Re: WWW Security Hole
In-reply-to: <9308121936.AA14806@hotsand.dacsand>
References: <9308121936.AA14806@hotsand.dacsand>
X-Md4-Signature: 18ba23882f4089f8886a6757b103fbd3
Status: RO
rhb@hotsand.att.com writes:
> What I'm more concerned with now is your comments on the insecurity
> of WWW itself.  If this is clearly true, we will have to immediately
> pull it off all our machines here (which we'll need to do if there
> isn't a "comfortable" answer to this...).  Once this is done, I
> suspect we'll never be able to put mosaic back.  I'm sure everyone
> across the board in corporate settings will have to do so also, so
> let's see if we can resolve this QUICKLY and satisfactorily to keep
> WWW going strong.

You run Unix and TCP/IP on your systems, accept the security risks
therein, and yet think it's an crisis when it turns out that
WWW/Mosaic/Gopher/etc. are no more secure than all the rest of the
package?  Does that really make sense?

Marc