Re: WWW Security Hole -- Bull!

Tony Sanders (sanders@bsdi.com)
Thu, 12 Aug 1993 19:56:10 -0500


>
> What WWW (and also Gopher) offers is something without precedent a few
> years ago; a very general ability to pass around objects which, when
> received, cause someone else to perform a particular network
> transaction without being specifically aware of doing so, potentially
> turning clients into gateways. Is it so surprising that there are new
> security concerns? I'm amazed (and pleased) there have been so few
> problems.
>
> - Marc
> --
> Marc VanHeyningen mvanheyn@cs.indiana.edu MIME, RIPEM & HTTP spoken here
> ^^^^
> Don't take this wrong (i.e., from the tone of the last two messages), but what
> about MIME??! The MIME/ghostview security hole was potentially much more devastating than
> the one you've uncovered for many reasons. From your analysis, I would say that we should
> throw out MIME...

No, we should throw out application/postscript or fix ghostscript.

So throw out gopher or fix it.

--sanders