Crossfire Mailing List Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Documentation ...
- To: "Rupert G. Goldie" <>
- Subject: Re: Documentation ...
- From: Petri Heinil{ <>
- Date: Tue, 19 Apr 1994 15:24:54 +0300 (EETDST)
- cc: crossfire (at) ifi.uio.no
- In-Reply-To: <>
On Tue, 19 Apr 1994, Rupert G. Goldie wrote:
> > > Unfortunately, some of us are on the other side of a fire-wall. This
> > > means *nothing* besides FTP, telnet, and mail gets in OR out. This means
> > > I *can't* use WWW or Mosaic.
> >
> > Hmm, I think you should take the Skullcleaver and go to talk
> > to your company security people :). The stateful sessions like,
> > telnet and ftp are much more bigger security risk, than stateless
> > sessions like WWW or gopher.
> >
>
> No, actually. Until the recent version 2.3 Mosaic had an appalling security
> hole. It was possible for someone to write a URL which would execute arbitrary
> commands on your machine (and a firewall would not stop it) !
> On the other hand we are behind a firewall and let WWW through, but it is a
> matter of weighing the risk/benefit. For some companies it may not be worth
> the risk.
>
> > Your company is lost incredible good information source if it
> > does not let people go out to use WWW. (no talk to let anyone
> > access in, just out).
> >
>
> It is useful, but don't assume that it isn't a security risk.
That's right. When usign services the is no absolute security.
Because the programs are human made there is always bugs, that
allows security holes. I think this will also apply to client
server version of the crossfire.
-- <A HREF="http://www.lut.fi/~hevi/">The Page</A> --