On Thursday, September 26, 1996 2:59 PM, potlicker @
morebbs .
com wrote:
>Suppose there is a firewall with a hole poked in it that permits access
>to a web server. Suppose also that the people posting on the web server
>are placing documents there in native format and providing viewer
applications
>for people to look at the documents, so that they don't have to churn out
>lots of html documents.
>
>What are the risks to the web site from providing viewers such as
>Quick View Plus and Key View instead of having everything in html?
As far as I see, there isn't any large risk to the web server if all the
clients are doing is initiating an http download of a document (regardless
of format) and having the browser spawn a viewer file based on the
MIME-type entered in the web server's table. Most of the risk is on the web
client, as the viewer or document may be hostile (document may trigger
nasty results from an improperly configured or poorly written viewer app -
a la Microsoft Word Macro nastiness).
--
Gene Lee
genel @
inforamp .
net
genelee @
vnet .
ibm .
com
Follow-Ups:
|
|
