Great Circle Associates Firewalls
(July 1996)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: New version of Java, JavaScript, ActiveX screening http-gw patch
From: carl @ hdshq . com
Date: Tue, 2 Jul 1996 18:56:20 -0800
To: firewalls @ greatcircle . com

I have posted the latest version of my patches to the TIS fwtk http-gw module, that
provide site control over Java, JavaScript and/or ActiveX embedded in web pages.

The patches exist for both http-gw V1.4 and http-gw V2.0alpha, and can be found

The administrator can define global or per-client-host policies defining removal of
these applets from the pages as they are browsed.

In addition, this version allows the administrator to define browsers as safe for
these applets based on the User-agent: header line automatically generated by
browsers with each request.

This allows the selective admission of applet types for browser releases the
administrator deems "safe" while stripping the applets from web pages for all users
of other browser versions/releases.

ActiveX, the Microsoft extension of OLE (OCXs), will allow web pages to invoke
application programs on the client PC. JavaScript is a web page scripting language
which is mostly independent of Java.

The code base for these context diffs is provided by Trusted Information Systems
firewall toolkit (fwtk), which can be retrieved from

The fwtk exists in both V1.3 and 2.0alpha version. The component http-gw of the fwtk
is modified by these patches to provide the screening functionality. V1.3 http-gw must
be upgraded first by the http-gw patches on, to reach the V1.4 base
level upon which I built my patch.

Carl V Claunch
Hitachi Data Systems

Indexed By Date Previous: Re: /etc/shadow encryption
From: frank @ ansto . gov . au (Frank Crawford)
Next: Chrooted home directories ?
From: felipe @ avatar . pty . com (Ing. Felipe Tribaldos)
Indexed By Thread Previous: Re: AOL and Compuserve through f/wall
From: Darwin Martinez <Darwin_Martinez @ INS . COM>
Next: Chrooted home directories ?
From: felipe @ avatar . pty . com (Ing. Felipe Tribaldos)

Search Internet Search