At 02:04 PM 2/10/98 +0100, Oliver Kubis wrote:
>I would like to open a new thread on what the possibilities to filter
>active content are, and what these methods offer in terms of security
>Some firewalls do for example filter out ActiveX objects (by looking for
>specific html-tags, I assume). What about filtering out java content? Would
>it be possible to define filters which apply to specific content only, and
>allow content with a certain signature (signed applets) to travel and
>communicate through the firewall?
The Kimera Project at the University of Washington
( http://kimera.cs.washington.edu/ ), Digitivity (
and Princeton University's Secure Internet Programming (SIP) Group
( http://www.cs.princeton.edu/sip/ ) offer varying degrees
of Java filtering resources.
I have used SIP's Java Filter in Netscape 3.x/NT/95 (doesn't seem to work in
Netscape 4.x as far as I can tell). It works well. The only drawback is that
it puts filter controls at the desktop level, which would be hard to manage
in a large user base I think.
Kimera is in the theoretical stage at this point from what I've seen,
but they do discuss firewall issues on their web site.
Digitivity is commercial and I have no experience with it, however,
it has been favorably spoken of by other posters to this list.
YMMV, as always.
>All your comments are highly appriciated.