On Tue, 19 Nov 1996, Doug Wellington wrote:
> You don't HAVE to allow everything from "vendor A"... You can CHOOSE to
> allow everything from vendor A, but you don't HAVE to allow everything...
> There is a selection box for accepting everything from a particular place,
> and another selection box for accepting everything with a Verisign sig on
> it. I don't select either of those, and I don't suggest that anyone else
> does...

And you explain this policy to the temporary help in the mail room who
has an account for checking UPS packages and decides to visit
www.mailroom.lottery.numbers.com by?

All of a sudden, tens of thousands of people are responsible for the
implementation of my security policy? Explain to me again how this is a
good thing, because I just don't get it.

Viruses are bad enough, but now we have to worry about exploitation of
controls that are legitimately signed, but exploited at a different site,
or from a site whose key has been compromised? I smell a start-up in the
making, "Active-Wall Signature and Control Scanner v 1.0" anyone?

No, plug-ins aren't great, but using that as an excuse to justify Active-X is
stupid.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson
proberts @ clark . net
"My statements in this message are personal opinions which may have no basis whatsoever in fact."
PSB#9280