Re: Security in HTTP and caches

Ari Luotonen (luotonen@neon.mcom.com)
Thu, 3 Nov 1994 12:15:50 +0100

> 1) check with a HEAD request to the server that it can be accessed (this
> also serves to check the freshness of the cache...).

I don't see at all how this would fix the problem. If it was
accessible last time so it could be cached it will be accessible this
time, too (unless remote config changed). HEAD is so terribly
inefficient anyway it should be completely buried.

No, the problem is that with the proxy the server sees the proxy IP
and not the client IP. The solution would be to have the proxy tell
the remote server the client IP address. Then again, without a secure
protocol the proxy can give whichever address it likes, so this is
very very vulnerable. You really need a secure protocol before this
works at all.

The problem is not quite as bad as it seems because proxies are
usually local, explicitly protected against use by outside parties, so
IP protection still pretty much works domain-wise, and usually access
control isn't more fine-grained anyway.

> (a) the client should always fill in the from field (if nothing else,
> with "nobody"@current-domain-name).

The great public fiercely disagrees with having their email address
automatically sent -- it's a privacy issue, and I so wouldn't enforce
the From field.

> (2) Allow servers to use host based authentication based on From address
> rather than socket-peer address.

From field is much easier to forge than peer address, even a newbie could
do it.

Cheers,
--
Ari Luotonen
Mosaic Communications Corporation
650 Castro Street, Suite 500
Mountain View, CA 94041, USA
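To illustrate the trust problem described in the message (a client address relayed by a proxy is only as trustworthy as whoever sends it), here is an added example that is not part of this message or of any software it mentions: a server-side host check that honors a proxy-supplied client address only when the socket peer is a known local proxy. The forwarded-address field, the addresses and the networks are assumptions, constructed for the example.

```python
import ipaddress

# Constructed sample values (assumptions, not from the original message).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}      # the site's own proxy
ALLOWED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]   # "domain-wise" IP protection


def naive_client_ip(peer_ip, forwarded):
    """Trusts the relayed address from any peer.  The relayed field is as
    forgeable as the From field, so an outside host can simply claim an
    inside address and pass the host-based check."""
    return ipaddress.ip_address(forwarded or peer_ip)


def guarded_client_ip(peer_ip, forwarded, trusted_proxies=TRUSTED_PROXIES):
    """Honors the relayed address only when the socket peer is one of our
    own proxies.  From anyone else the peer address is the only fact the
    server actually has, so the relayed field is ignored."""
    peer = ipaddress.ip_address(peer_ip)
    if peer not in trusted_proxies:
        return peer                 # direct connection: the peer is the client
    if not forwarded:
        return None                 # our proxy always relays it; treat as unknown
    try:
        return ipaddress.ip_address(forwarded)
    except ValueError:
        return None                 # malformed relayed value: unknown client


def is_allowed(client_ip, allowed_networks=ALLOWED_NETWORKS):
    """Host-based access control: unknown client identity is denied."""
    if client_ip is None:
        return False
    return any(client_ip in net for net in allowed_networks)


def decide(peer_ip, forwarded, guarded=True):
    """True if the request passes host-based access control."""
    if guarded:
        ip = guarded_client_ip(peer_ip, forwarded)
    else:
        ip = naive_client_ip(peer_ip, forwarded)
    return is_allowed(ip)


if __name__ == "__main__":
    # Outside peer claiming an inside address: naive check accepts, guarded rejects.
    print(decide("203.0.113.7", "10.1.2.3", guarded=False))   # True
    print(decide("203.0.113.7", "10.1.2.3"))                  # False
```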