Great Circle Associates Firewalls
(April 1997)
 


Subject: Re: Firewalls-Digest V6 #162
From: Bill Van Emburg <bve @ quadrix . com>
Date: Wed, 23 Apr 97 21:19:44 EDT
To: Ryan . Russell @ sybase . com
Cc: Firewalls <Firewalls @ GreatCircle . COM>
In-reply-to: <199704231731 . KAA13658 @ notesgw2 . sybase . com> (Ryan . Russell @ sybase . com)

   From: Ryan Russell/SYBASE <Ryan . Russell @ sybase . com>

   The proxy doesn't have to route mail, and
   routing mail isn't easy either, but the security
   pieces under discussion would be the
   same, no?

      From: adam @ homeport . org (Adam Shostack) @ smtp
      I disagree strongly.  An MTA needs to parse addresses to make routing
      decisions, and needs to write files to be private to many user ids.

      Parsing user controlled data safely is not trivial.  Writing safely to
      files under the user's control is not trivial (although a real MTA
      should pass that function off to a delivery agent, like procmail).

   Ryan Russell/SYBASE wrote:
   | If it was easy to write an SMTP proxy that was secure, then
   | it would also be easy to write an SMTP server process
   | that was secure as well.  It's the same problem.  Are the programmers
   | who write SMTP servers now really that bad, or are you
   | oversimplifying the problem?


Mail and DB access are just not the same beasts.  Mail is a one-way
communication.  If you want to send a reply, that's a separate, one-way
communication.  DB access is two-way -- you are expecting something back from
the database.  That means that you care about not giving out too much
information.  Also, sending mail can't hurt you, unless you use a silly mail
reader that automatically starts executing programs, or you fail to take
precautions when reading attachments.  A DB request can cause your DB to be
broken, your data to be corrupted, or your entire DB to be deleted!

I believe that most people realize the difference in the level of risk, as can
be seen by the fact that pretty much everyone with an Internet connection
exchanges e-mail with the world, but everyone is concerned about putting their
DBs online....
-- 

				     -- Bill Van Emburg
Phone: 908-235-2335			Quadrix Solutions, Inc.
Fax:   908-235-2336			(bve @ quadrix . com)
Check out http://yourtown.com!		(http://quadrix.com)
	"You do what you want, and if you didn't, you don't"

