> From pmarc @ fnbc . com Thu Mar 7 15:17:16 1996:
>
> I've been thinking about this whole JavaScript problem. I have
> thought of one solution for sites behind a firewall that use an http
> proxy. An environment variable specifying the browser type is
> passed to the web server. Servers that can be configured to act as
> a proxy could also see this and block based on the browser type.
>
> I would like to be able to block Navigator 2.0 browsers from going
> outside until the JavaScript problem is fixed or it can be turned
> off globally in some less Draconian manner. We cannot afford to
> leave security decisions in the hands of the users in our
> environment.
>
> Now I am searching for an HTTP proxy (commercial or freeware) that
> can be configured to perform this type of filtering. Any
> information on this or a better way to handle it would be
> appreciated.

Not really an answer to your question, but a possible alternative:

What we've done at our site is to turn off the POST actions in a FORM tag with
the Netscape Proxy server. This should limit our vulnerability while still
allowing our users to use the Netscape 2.0 browser. The problems with this are
that you lose FORM functionality and that we are still open to attacks via
the GET method. However, this should put a stop to most things.
-----
Vik Varma
System Administrator
VeriSign, Inc
(415) 961-7500
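
Added example, not part of either message and not Netscape Proxy Server configuration: a Python illustration of the two proxy-side policies discussed in this thread, blocking by browser type and blocking POST, showing that a form submitted via GET still passes the POST-only rule. The function names, sample requests, and the `Mozilla/2.0` User-Agent prefix are assumptions made for the example.

```python
import re

# Assumption: Navigator 2.0 identifies itself with a User-Agent that starts
# with "Mozilla/2.0"; the thread does not give the exact string.
BLOCKED_AGENT = re.compile(r"^Mozilla/2\.0")
BLOCKED_METHODS = {"POST"}


def parse_request(raw: bytes):
    """Return (method, target, headers) from a raw HTTP request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) < 2:
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0].upper(), parts[1], headers


def decide(raw: bytes, block_agent: bool = False) -> str:
    """Proxy verdict: 'deny-malformed', 'deny-agent', 'deny-method' or 'allow'."""
    try:
        method, _target, headers = parse_request(raw)
    except ValueError:
        return "deny-malformed"
    if block_agent and BLOCKED_AGENT.match(headers.get("user-agent", "")):
        return "deny-agent"
    if method in BLOCKED_METHODS:
        return "deny-method"
    return "allow"


# Constructed sample requests (not captured traffic).
UA = b"User-Agent: Mozilla/2.0 (X11; I; SunOS 5.4 sun4m)\r\n"
POST_FORM = b"POST http://example.com/cgi-bin/form HTTP/1.0\r\n" + UA + b"\r\nname=a"
GET_FORM = b"GET http://example.com/cgi-bin/form?name=a HTTP/1.0\r\n" + UA + b"\r\n"
GET_OTHER = b"GET http://example.com/ HTTP/1.0\r\nUser-Agent: Lynx/2.4\r\n\r\n"

if __name__ == "__main__":
    for req in (POST_FORM, GET_FORM, GET_OTHER):
        print(decide(req), decide(req, block_agent=True))
```

The User-Agent header is supplied by the client, so the browser-type rule only holds for clients that report themselves accurately.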