Re: Documentation ...

[Petri Heinil{ <Petri.Heinila@lut.fi>]

On Tue, 19 Apr 1994, Rupert G. Goldie wrote:

> > > Unfortunately, some of us are on the other side of a fire-wall.  This  
> > > means *nothing* besides FTP, telnet, and mail gets in OR out.  This means  
> > > I *can't* use WWW or Mosaic.
> > 
> > Hmm, I think you should take the Skullcleaver and go to talk
> > to your company security people :). The stateful sessions like,
> > telnet and ftp are much more bigger security risk, than stateless
> > sessions like WWW or gopher.
> >
> 
> No, actually. Until the recent version 2.3 Mosaic had an appalling security
> hole. It was possible for someone to write a URL which would execute arbitrary
> commands on your machine (and a firewall would not stop it) !
> On the other hand we are behind a firewall and let WWW through, but it is a 
> matter of weighing the risk/benefit. For some companies it may not be worth
> the risk.
> 
> > Your company is lost incredible good information source if it
> > does not let people go out to use WWW. (no talk to let anyone
> > access in, just out).  
> > 
> 
> It is useful, but don't assume that it isn't a security risk.

That's right. When usign services the is no absolute security.
Because the programs are human made there is always bugs, that
allows security holes. I think this will also apply to client
server version of the crossfire.

-- <A HREF="http://www.lut.fi/~hevi/">The Page</A> --