Firewall Wizards mailing list archives

Re: HTML multipart/report

From: James Croall <jcroall () tis com>
Date: Wed, 10 Jun 1998 14:03:22 -0400

At 12:42 PM 6/10/98 +0100, you wrote:

Gauntlet blocks multipart data coming through the http proxy.  Anyone know
of current problems with this type of data?

It would seem that the only time I see it getting denied, it when someone
on the inside is trying to upload a file to a remote site.  Does this type
of data ever occur on inbound data?


Don't quote me on this, but I think that dates back to a problem with Netscape
Navigator. A while back the Netscape "file upload bug" got quite a bit of
press,
which allowed a malicious web site to steal files from user's workstations.
That
option allowed the firewall administrator to protect everybody with one
setting.

That bug shouldn't be a problem these days, but that option should still be
useful
where there are strict policies on exporting data.

- James

(standard disclaimer here)

Current thread:

HTML multipart/report Dave Roberts (Jun 10)
- Re: HTML multipart/report John Labovitz (Jun 11)
- <Possible follow-ups>
- Re: HTML multipart/report James Croall (Jun 11)
- Re: HTML multipart/report Olivier CALEFF (Jun 12)