>Is there anyone who has analyzed this for security implications? Why
>buy a nice, strong, iron door and then cut big holes in it? Scary
>stuff, I think... I'd love to see anyone's work on examining this
>sort of thing through a firewall (anyone's).
The current version of NCSA's Mosaic for UNIX has a gaping hole in it.
(See postings in comp.security.*.) Assuming the firewall just ships
bits across the firewall and doesn't do a thorough job of sanitizing
the html (which Mosaic should have done anyway, even in a non-firewall
environment), then you've got problems.
Columbia University fuat @
703 Watson Labs 212-854-4804
612 W115th Street 212-662-6442 (Fax)
New York, NY 10025