Re: WWW Security Hole -- Bull!

Tony Sanders <>
Message-id: <9308130056.AA16337@austin.BSDI.COM>
Subject: Re: WWW Security Hole -- Bull! 
In-reply-to:'s message of Thu, 12 Aug 93 19:45:33 EDT.
Organization: Berkeley Software Design, Inc.
Date: Thu, 12 Aug 1993 19:56:10 -0500
From: Tony Sanders <>
Status: RO
> 	What WWW (and also Gopher) offers is something without precedent a few
> 	years ago; a very general ability to pass around objects which, when
> 	received, cause someone else to perform a particular network
> 	transaction without being specifically aware of doing so, potentially
> 	turning clients into gateways.  Is it so surprising that there are new
> 	security concerns?  I'm amazed (and pleased) there have been so few
> 	problems.
> 	- Marc
> 	--
> 	Marc VanHeyningen  MIME, RIPEM & HTTP spoken here
> 						    ^^^^
> Don't take this wrong (i.e., from the tone of the last two messages), but what
> about MIME??!  The MIME/ghostview security hole was potentially much more devastating than
> the one you've uncovered for many reasons.  From your analysis, I would say that we should
> throw out MIME...

No, we should throw out application/postscript or fix ghostscript.

So throw out gopher or fix it.