I understand you have been looking at security problems with
World-Wide Web software, including the Mosaic browser. We'd be
interested in your findings. Some of the things may stem from code
from CERN's general www client library which is used by many clients
ans servers, not just Mosaic. There are many WWW servers, and each
may have its own security weaknesses. Some of the mail I have
seen dowsn't distinguish between client and server weknesses, and
doesn't mention which httpd was used.
If you discover any problems with WWW code, please copy
www-bug @
info .
cern .
ch and me. Some mails from security mailing lists
have mentioned problems but it doesn't help if you don't get back to the
developers. Another address you might consider for generic WWW
problems (URls etc) is www-talk @
info .
cern .
ch but that has a very
high traffic rate, and so we don't guarantee to read that ourselves.
If we can put together a general set of advice for server
managers, then I would like to add it to the documentation
we distribute. Client users never read documentation, of course,
so the software has to be careful for them, but we should be able
fix most of these in the common library.
Tim Berners-Lee
WWW project
CERN
|
|
