Re: WWW Security Hole -- Bull!

rhb@hotsand.att.com

Mail folder: WWW Talk Jul-Oct 1993
Next message: Tony Sanders: "Re: WWW Security Hole -- Bull! "
Previous message: Marc VanHeyningen: "Re: WWW Security Hole -- Bull! "
Reply: Tony Sanders: "Re: WWW Security Hole -- Bull! "
Reply: Keith Moore: "Re: WWW Security Hole -- Bull! "

From: rhb@hotsand.att.com
Date: Thu, 12 Aug 93 19:45:33 EDT
Message-id: <9308122345.AA17389@hotsand.dacsand>
Original-From: hotsand!rhb (Richard Brandwein +1 908 949 2135)
To: Marc VanHeyningen <att!att!nxoc01.cern.ch!daemon@dxmint.cern.ch>,
        www-talk@nxoc01.cern.ch
Subject: Re: WWW Security Hole -- Bull!
Status: RO

	
	What WWW (and also Gopher) offers is something without precedent a few
	years ago; a very general ability to pass around objects which, when
	received, cause someone else to perform a particular network
	transaction without being specifically aware of doing so, potentially
	turning clients into gateways.  Is it so surprising that there are new
	security concerns?  I'm amazed (and pleased) there have been so few
	problems.
	
	- Marc
	--
	Marc VanHeyningen  mvanheyn@cs.indiana.edu  MIME, RIPEM & HTTP spoken here
						    ^^^^
Don't take this wrong (i.e., from the tone of the last two messages), but what
about MIME??!  The MIME/ghostview security hole was potentially much more devastating than
the one you've uncovered for many reasons.  From your analysis, I would say that we should
throw out MIME...

Rich Brandwein