solution time for www/smtp hole

Marc Andreessen (marca@ncsa.uiuc.edu)
Thu, 12 Aug 93 19:13:39 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Lou Montulli: "anchors with the same name."
Previous message: Tony Sanders: "Re: WWW Security Hole -- Bull!"
Next in thread: mkgray@athena.mit.edu: "Re: solution time for www/smtp hole"

OK, let's bring this thing to a close.

How about we start disallowing Gopher connections to anything other
than 70 and 71 (some Gopher servers use the latter), HTTP connections
to anything other than 80, Z39.50 and 210, and NNTP connections to
anything other than (whatever the NNTP port is), etc. -- except for
>1024, which is wide open.

Is that sufficient to make AT&T and MvH happy? Does it cause any
impact on *current* functionality?

Is it also necessary to prohibit escaping of cr/lf?

Marc

Next message: Lou Montulli: "anchors with the same name."
Previous message: Tony Sanders: "Re: WWW Security Hole -- Bull!"
Next in thread: mkgray@athena.mit.edu: "Re: solution time for www/smtp hole"