solution time for www/smtp hole

marca@ncsa.uiuc.edu (Marc Andreessen)

Mail folder: WWW Talk Jul-Oct 1993
Next message: Lou Montulli: "anchors with the same name."
Previous message: Tony Sanders: "Re: WWW Security Hole -- Bull! "
Reply: mkgray@athena.mit.edu: "Re: solution time for www/smtp hole "
Reply: Marc Andreessen: "Re: solution time for www/smtp hole "
Reply: Marc VanHeyningen: "Re: solution time for www/smtp hole "
Reply: Rob Raisch: "Re: solution time for www/smtp hole"

Date: Thu, 12 Aug 93 19:13:39 -0500
From: marca@ncsa.uiuc.edu (Marc Andreessen)
Message-id: <9308130013.AA21498@wintermute.ncsa.uiuc.edu>
To: www-talk@nxoc01.cern.ch
Subject: solution time for www/smtp hole
X-Md4-Signature: c45540ffc30512e63574cd934e87b24b
Status: RO

OK, let's bring this thing to a close.

How about we start disallowing Gopher connections to anything other
than 70 and 71 (some Gopher servers use the latter), HTTP connections
to anything other than 80, Z39.50 and 210, and NNTP connections to
anything other than (whatever the NNTP port is), etc. -- except for
>1024, which is wide open.

Is that sufficient to make AT&T and MvH happy?  Does it cause any
impact on *current* functionality?

Is it also necessary to prohibit escaping of cr/lf?

Marc